(54) DATA REPRODUCING/RECORDING APPARATUS / METHOD AND LIST UPDATING METHOD



(57) Identifiers for both media and contents, which are different categories, are stored in a revocation list, and also version information is set. Further, the list is capable of being set up in a memory interface, and can be continuously used at the time of mounting media and at the time of reproducing contents. Upon reading out contents, the version of the revocation list which the device holds is verified, and in the event that the version of the revocation list held is older, reading out of contents is cancelled. Also, the configuration allows unauthorized contents and unauthorized media to be revoked by performing collation with a media identifier at the time of mounting media, and collation with a contents identifier at the time of using contents.
Description

Technical Field 

[0001] The present invention relates to a data reproducing device, data recording device, and data reproducing method, data recording method, list updating method, and program providing medium. The present invention particularly relates to a data reproducing device, data recording device, and data reproducing method, data recording method, list updating method, and program providing medium, which enable version management of revocation lists generated in order to revoke unauthorized media, unauthorized contents, etc., and also enable efficient reference and usage of revocation lists.

Background Art

[0002] The rapid spread of the Internet in recent years, along with widespread use of mobile type miniature players, game devices, etc., has led to a rapid increase in distribution of various types of soft data such as music data, game programs, image data, and so forth (hereafter referred to as contents) via networks such as the Internet or the like or recording media such as DVDs, CDs, memory cards, and the like. These distributed contents may be subjected to contents playing processing or program execution by being received from a network by a PC (personal computer) owned by a user, a dedicated reproducing device, or a game device, and stored in a recording medium, or by mounting a recording medium such as a memory card, CD, DVD, etc., storing the contents, to a dedicated reproducing device or game device.

[0003] A device which is recently often used as a contents recording device is flash memory. Flash memory is a sort of non-volatile memory which can be electrically rewritten, called EEPROM (Electrically Erasable Programmable ROM). Conventional EEPROM has one bit configured with two transistors, so the area occupied by one bit is great, and there have been limits to the extent of increasing integration, but flash memory enables one bit to be realized with one transistor, by block erasing for all bits. There are hopes for flash memory to replace recording media such as magnetic disks, optical disks, and so forth.

[0004] Memory cards wherein flash memory is configured so as to be detachable from data recording/reproducing devices are also known. Using such memory cards allows digital audio recording/reproducing devices to be realized using memory cards instead of disk-formed media such as conventional CDs (Compact Disk: a registered trademark) and MDs (Mini-Disk: a registered trademark) and the like.

[0005] In the event of using a contents storing device using flash memory with personal computers (PC), reproducing devices, or the like, a file managing system called FAT (File Allocation Table) is commonly used as an access information table. With a FAT system, upon a necessary file being defined, parameters necessary therein are set in order from the head of the file. Consequently, the file size can be made to be variable, and one file can be configured of one or multiple managing units (sectors, clusters, etc.). Items related to the managing units are written to the table called a FAT. This FAT system allows files to be readily structured, regardless of the physical properties of the recording medium. Accordingly, the FAT system can be employed with not only floppy disks and hard disks, but with magneto-optical disks, as well. FAT systems are being employed with the above-described memory cards, also.

[0006] The various kinds of contents such as music data, image data, programs, etc., are called up from the above-described flash memory for example, based on the above-described FAT, by user instructions from a reproducing device, game device, information device main unit such as a PC or the like, used as reproducing equipment, or user instructions via connected input means, and then reproduced through the information device main unit, or connected displays, speakers, etc.

[0007] Further, with many software contents such as the game programs, music data, image data, etc., generally, the creator and distributor hold the rights to distribution. Accordingly, with regard to distribution of these contents, it is common that use of software is permitted only for certain usage restrictions, i.e., for a valid user, and steps are taken so that unpermitted copying and the like does not occur, i.e., the configuration takes security into consideration.

[0008] One technique for realizing usage restrictions for users is encrypting processing of distribution contents. That is, various types of contents such as audio data, image data, game programs, etc., that have been encrypted are distributed via the Internet, for example, while means for decrypting the distributed encrypted contents, i.e., a decrypting key, is provided only to individuals who are recognized as being a valid user.

[0009] Encrypted data can be restored to usable decrypted data (plaintext) by decryption processing according to predetermined procedures. Encryption and decryption methods using encryption keys for such encryption processing of information, and using decryption keys for decryption processing, have been conventionally well known.

[0010] The revocation list has been proposed as a method for revoking unauthorized media and unauthorized contents, in contents recording/reproducing devices. Devices which execute recording and reproducing of contents perform collation between an identifier of contents storing contents at the time of reproducing contents, for example, and a contents identifier listed in a revocation list, and in the event that matching identifiers are found, processing for canceling the reproduction processing is performed since the contents are unauthorized, thereby enabling unauthorized contents usage to be revoked.

[0011] However, there has been the possibility that processing might be performed to enable reproducing of unauthorized contents and the like, by tampering with the revocation list, or performing processing such as replacing the list sent to the device with an unauthorized revocation list. For example, a case might be conceived wherein an attacker holding invalid unauthorized media or contents does not update an old revocation list wherein the unauthorized media or contents are not invalid. This would enable usage of unauthorized media and reading of unauthorized contents that are supposed to be invalid.

[0012] Also, processing has been performed wherein the revocation list is stored in internal memory in a recording/reproducing device, for example, and reference processing is executed wherein the list is called up from the internal memory as necessary and used. For example, the device has repeatedly executed processing such as, in the event of reproducing contents, for example, reference processing is executed by reading a revocation list storing unauthorized contents identifiers from internal memory, and in the case of processing targeted at revoking unauthorized media, reference processing is executed by reading a revocation list storing unauthorized media identifiers from internal memory, and so forth. The reading processing of these revocation lists is necessary each time a new medium is mounted or new contents are processed, leading to complication in processing.

[0013] Further, conventionally, in the case of processing targeted at revoking unauthorized contents, a revocation list storing unauthorized contents identifiers is used, and in the case of processing targeting revoking unauthorized media, a revocation list storing unauthorized media identifiers is used, and the revocation lists to make reference to have been differentiated according to the usage thereof. In this case, the device side requires processing for selecting one revocation list from multiple stored revocation lists, and collation with a contents or media identifier is performed following this selection. This revocation list selection processing is repeatedly necessary each time mounting new media or processing new contents, leading to complication in processing.

Disclosure of the Invention 

[0014] The present invention provides a configuration of revoking such unauthorized tampering and updating of revocation lists, and specifically, it is an object thereof to provide a data reproducing device, data recording device, and data reproducing method, data recording method, list updating method, and program providing medium, capable of revoking unauthorized use of contents due to abuse of unauthorized revocation lists, by setting a version in a revocation list, and comparing the version of a revocation list held in a device with a valid revocation list within the header of contents at the time of reading the contents out, and performing processing such as enabling processing of contents under the conditions that the version of the held list is not old.

[0015] Further, it is an object of the present invention to provide a data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, capable of resolving the complexity of such processing, by setting a revocation list in a memory interface of a device such that after setting, revocation of unauthorized media and unauthorized contents can be performed consecutively using a revocation list at the memory interface, thereby realizing efficiency of processing.

[0016] Further, it is an object of the present invention to provide a data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, capable of resolving the complexity of such processing, by storing identifiers of media and contents, which are different categories, in a single revocation list, thereby enabling a shared revocation list to be applied to both media and contents to perform revocation of unauthorized media and unauthorized contents without the device selecting a revocation list, thereby realizing efficiency of processing.

[0017] According to a first aspect of the present invention,

a data reproducing device for executing reproducing processing of contents stored in data storing means comprises:

internal memory for storing a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, the list having version information indicating the newness of the list; and

a controller for executing comparison processing between a valid revocation list version stored in header information of contents which are the object of reproducing, and the version of a revocation list stored in the internal memory, and performing processing accompanying the reproducing of the contents which are the object of reproducing, under the condition of confirmation that the version of the revocation list stored in the internal memory is not older than the version set in the header information of the contents which are the object of reproducing.

[0018] Further, according to an embodiment of the data reproducing device according to the present invention, the controller has a configuration for executing, as processing accompanying the reproducing, comparison processing between an identifier of at least one of data storing means or contents stored in a revocation list stored in the internal memory and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing; and is of a configuration of executing processing for canceling data reproduction in the event that an identifier of at least one of data storing means or contents stored in a revocation list and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing, match in the comparison processing.

[0019] Further, according to an embodiment of the data reproducing device according to the present invention, the controller has a memory interface for executing accessing to the data storing means, and a control unit for executing control of the memory interface; and the memory interface is of a configuration for executing comparison processing between a version of a valid revocation list stored in the header information of the contents which are the object of reproducing, and the version of a revocation list stored in the internal memory, based on a data reproduction request command from the control unit.

[0020] Further, according to an embodiment of the data reproducing device according to the present invention, the controller has a configuration for executing comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in the internal memory, and executing updating processing of the revocation list by the updating revocation list under the condition of confirmation that the version of the revocation list stored in the internal memory is newer than the updating revocation list.

[0021] Further, according to an embodiment of the data reproducing device according to the present invention, the controller has a configuration for executing a data tampering check with regard to an externally received updating revocation list, based on a data integrity check value (ICV), and for executing updating processing of the revocation list by the updating revocation list, based on a no data tampering judgment.
[0022] According to a second aspect of the present invention,

a data recording device for executing recording processing of contents to be stored in data storing means comprises:

internal memory for storing a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, the list having version information indicating the newness of the list; and

a controller for executing processing for setting a setting value specifying reproduction processing execution by non-reference to the revocation list, as a valid revocation list version to be stored in header information of contents which are the object of recording, and executing contents storing processing to the data storing means.



[0023] Further, according to an embodiment of the data recording device according to the present invention, the controller has a memory interface for executing access to the data storing means, and a control unit for executing control of the memory interface; wherein the memory interface is of a configuration for executing processing for setting the version of a valid revocation list to be stored in the header information of contents which are the object of recording, as a setting value capable of reproduction executing by non-reference to the revocation list, based on a header information generating command accompanying data recording from the control unit.

[0024] Further, according to an embodiment of the data recording device according to the present invention, the controller has a configuration for executing comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in the internal memory, and executing updating processing of the revocation list by the updating revocation list under the condition of confirmation that the version of the revocation list stored in the internal memory is newer than the updating revocation list.

[0025] Further, according to an embodiment of the data recording device according to the present invention, the controller has a configuration for executing a data tampering check with regard to an externally received updating revocation list, based on a data integrity check value (ICV), and for executing updating processing of the revocation list by the updating revocation list, based on a no data tampering judgment.

[0026] According to a third aspect of the present invention,

a data reproducing method with a data reproducing device for executing reproducing processing of data stored in data storing means comprises:

a comparing step for executing comparison processing between a valid revocation list version stored in header information of contents which are the object of reproducing, and the version of a revocation list stored in internal memory of the data reproducing device; and

a reproduction-related processing executing step for performing processing accompanying the reproducing of the contents which are the object of reproducing, under the condition of confirmation that the version of the revocation list stored in the internal memory is not older than the version set in the header information of the contents which are the object of reproducing.

[0027] Further, according to an embodiment of the data reproducing method according to the present invention, the reproduction-related processing executing step contains a step for executing comparison processing between an identifier of at least one of data storing means or contents stored in a revocation list stored in the internal memory and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing; and a step for executing processing for canceling data reproduction in the event that an identifier of at least one of data storing means or contents stored in the revocation list and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing, match in the comparison processing.

[0028] Further, according to an embodiment of the data reproducing method according to the present invention, the data reproducing device has a memory interface for executing accessing to the data storing means, and a control unit for executing control of the memory interface, the data reproducing method further comprising: a step for transmitting a data reproduction request command to the memory interface from the control unit; and a step for executing comparison processing between a version of a valid revocation list stored in the header information of the contents which are the object of reproducing, and the version of a revocation list stored in the internal memory, based on reception of the data reproduction request command at the memory interface.

[0029] Further, according to a fourth aspect of the present invention,

a data recording method for executing recording processing of contents to be stored in data storing means comprises:

a step for executing processing for setting a setting value specifying reproduction processing execution by non-reference to the revocation list, as a valid revocation list version to be stored in header information of contents which are the object of recording;

and a step for executing contents storing processing to the data storing means.

[0030] Further, according to a fifth aspect of the present invention,

a list updating method for a data processing device, storing in internal memory a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, the list having version information indicating the newness of the list; wherein comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in the internal memory, is executed, and updating processing of the revocation list by the updating revocation list is executed under the condition of confirmation that the version of the revocation list stored in the internal memory is newer than the updating revocation list.



[0031] Further, an embodiment of the list updating method according to the present invention further comprises a step for executing a data tampering check with regard to an externally received updating revocation list, based on a data integrity check value (ICV), wherein updating processing of the revocation list by the updating revocation list is executed, based on a no data tampering judgment.

[0032] Further, a sixth aspect of the present invention is

a program providing medium for providing a computer program for causing execution on a computer system of data reproducing processing for a data reproducing device which executes reproducing processing of data stored in data storing means, wherein the computer program comprises:

a comparing step for executing comparison processing between a valid revocation list version stored in header information of contents which are the object of reproducing, and the version of a revocation list stored in internal memory of the data reproducing device; and

a reproduction-related processing executing step for performing processing accompanying the reproducing of the contents which are the object of reproducing, under the condition of confirmation that the version of the revocation list stored in the internal memory is not older than the version set in the header information of the contents which are the object of reproducing.

[0033] Further, according to a seventh aspect of the present invention,

with a data reproducing device for executing reproducing processing of contents stored in data storing means;

the data reproducing device is of a configuration for reading a revocation list holding identifier data of at least one of data recording means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means, and holding the revocation list in a referable state in consecutively differing processing within the memory interface.

[0034] Further, an embodiment of the data reproducing device according to the present invention further comprises a control unit for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing as to the memory interface, as processing at the time of activation; wherein the memory interface is of a configuration for reading the revocation list into the memory interface in response to reception of the revocation list set command, and executing revocation list set processing to enable reference processing within the memory interface.
[0035] Further, according to an embodiment of the data reproducing device according to the present invention, the memory interface is of a configuration for executing a data tampering check based on a data integrity check value (ICV) for the revocation list read into the memory interface, and executing revocation list set processing which enables reference processing within the memory interface, under the condition that a no data tampering judgment has been made.

[0036] Further, according to an embodiment of the data reproducing device according to the present invention, the memory interface is of a configuration wherein a data storing means identifier is received from data storing means wherein data which is the object of reproducing is recorded, collation is executed between the received data storing means identifier and an identifier listed in the revocation list set in the memory interface, and in the event that the identifiers mutually match, the data reproducing processing is cancelled.

[0037] Further, according to an embodiment of the data reproducing device according to the present invention, the memory interface is of a configuration wherein an identifier of contents which are the object of reproducing is obtained from header information of the contents stored in the data storing means, collation is executed between the obtained contents identifier and an identifier listed in the revocation list set in the memory interface, and in the event that the identifiers mutually match, the data reproducing processing is cancelled.

[0038] Further, according to an embodiment of the data reproducing device according to the present invention, the revocation list is of a configuration having identifier data for both the data storing means identifier which is the object of forbidding processing and contents which are the object of forbidding processing.
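
The checks described in paragraphs [0017] to [0022] and [0033] to [0038], put together as an added Python example (not code from the patent): a memory interface holds one shared list, verifies its ICV before setting it, collates the media identifier at mount, and compares the list version with the one in the contents header before collating the contents identifier. HMAC-SHA256 as the ICV, the value 0 for the "non-reference" header setting, installing an update only when its version is higher than the stored one, refusing to operate with no list set, and all names, keys and identifiers are assumptions of this example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_KEY = b"constructed-demo-key"  # constructed; stands in for a provisioned device key
NO_REFERENCE = 0                   # assumed encoding of the "non-reference" header value


@dataclass(frozen=True)
class RevocationList:
    version: int
    media_ids: frozenset      # revoked data storing means (media) identifiers
    content_ids: frozenset    # revoked contents identifiers, in the same list
    icv: bytes = b""

    def body(self) -> bytes:
        """Canonical bytes covered by the ICV: version, then tagged, sorted IDs."""
        out = struct.pack(">I", self.version)
        for tag, ids in ((b"M", self.media_ids), (b"C", self.content_ids)):
            for ident in sorted(ids):
                out += tag + struct.pack(">H", len(ident)) + ident
        return out


def compute_icv(body: bytes) -> bytes:
    # HMAC-SHA256 is this example's stand-in for the integrity check value.
    return hmac.new(ICV_KEY, body, hashlib.sha256).digest()


def issue_list(version, media_ids=(), content_ids=()) -> RevocationList:
    """Issuer side: build a list and attach its ICV."""
    unsigned = RevocationList(version, frozenset(media_ids), frozenset(content_ids))
    return RevocationList(version, unsigned.media_ids, unsigned.content_ids,
                          compute_icv(unsigned.body()))


class MemoryInterface:
    """Holds one shared list and answers every mount and read from it."""

    def __init__(self):
        self.current = None

    def icv_ok(self, rl: RevocationList) -> bool:
        return hmac.compare_digest(rl.icv, compute_icv(rl.body()))

    def set_list(self, rl: RevocationList) -> bool:
        """Revocation list set command at activation: set only an untampered list."""
        if not self.icv_ok(rl):
            return False
        self.current = rl
        return True

    def update_list(self, incoming: RevocationList) -> bool:
        """Assumed rule: install only an untampered list with a higher version."""
        if not self.icv_ok(incoming):
            return False
        if self.current is not None and incoming.version <= self.current.version:
            return False
        self.current = incoming
        return True

    def mount(self, media_id: bytes) -> str:
        if self.current is None:
            return "CANCEL_NO_LIST"          # assumption: fail closed without a list
        if media_id in self.current.media_ids:
            return "CANCEL_REVOKED_MEDIA"
        return "MOUNTED"

    def reproduce(self, header: dict) -> str:
        if self.current is None:
            return "CANCEL_NO_LIST"
        required = header["rl_version"]
        if required == NO_REFERENCE:         # contents recorded by the device itself
            return "PLAY"
        if self.current.version < required:  # held list is older than the header demands
            return "CANCEL_STALE_LIST"
        if header["content_id"] in self.current.content_ids:
            return "CANCEL_REVOKED_CONTENT"
        return "PLAY"


def demo() -> dict:
    """Run the checks over constructed lists, media IDs and contents headers."""
    mi = MemoryInterface()
    v1 = issue_list(1, media_ids=[b"MEDIA-0001"])
    v2 = issue_list(2, media_ids=[b"MEDIA-0001"], content_ids=[b"CONT-00AA"])
    emptied = RevocationList(3, frozenset(), frozenset(), v2.icv)  # ICV no longer matches
    r = {}
    r["set_v1"] = mi.set_list(v1)
    r["mount_revoked"] = mi.mount(b"MEDIA-0001")
    r["mount_ok"] = mi.mount(b"MEDIA-0002")
    r["stale"] = mi.reproduce({"content_id": b"CONT-00AA", "rl_version": 2})
    r["tampered_update"] = mi.update_list(emptied)
    r["update_v2"] = mi.update_list(v2)
    r["rollback_v1"] = mi.update_list(v1)
    r["revoked_content"] = mi.reproduce({"content_id": b"CONT-00AA", "rl_version": 2})
    r["clean_content"] = mi.reproduce({"content_id": b"CONT-00BB", "rl_version": 2})
    r["self_recorded"] = mi.reproduce({"content_id": b"CONT-00CC",
                                       "rl_version": NO_REFERENCE})
    return r


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:16} {outcome}")
```

The `stale` step is the case from paragraph [0011]: a device still holding version 1 cannot read contents whose header names version 2 until the newer list is installed.
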
[0039] Further, according to an eighth aspect of the present invention,

with a data recording device for executing recording processing of contents to be stored in data storing means;

the data recording device is of a configuration for reading in a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means, and holding the revocation list in a referable state in consecutively differing processing within the memory interface.

[0040] Further, an embodiment of the data recording device according to the present invention, further comprises a control unit for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding an identifier data of at least one of data storing means or contents which are the object of forbidding processing as to the memory interface, as processing at the time of activation; wherein the memory interface is of a configuration for reading the revocation list into the memory interface in response to reception of the revocation list set command, and executing revocation list set processing to enable reference processing within the memory interface.
[0041] Further, according to an embodiment of the data recording device according to the present invention, the memory interface is of a configuration for executing a data tampering check based on a data integrity check value (ICV) for the revocation list read into the memory interface, and executing revocation list set processing which enables reference processing within the memory interface, under the condition that a no data tampering judgment has been made.

[0042] Further, according to an embodiment of the data recording device according to the present invention, the memory interface is of a configuration wherein a data storing means identifier is received from data storing means wherein data which is the object of recording is recorded, collation is executed between the received data storing means identifier and an identifier listed in the revocation list set in the memory interface, and in the event that the identifiers mutually match, the data recording processing is cancelled.

[0043] Further, according to an embodiment of the data recording device according to the present invention, the revocation list is of a configuration having identifier data for both the data storing means identifier which is the object of forbidding processing and contents which are the object of forbidding processing.
[0044] Further, according to a ninth aspect of the present invention,

a data reproducing method for executing reproducing processing of contents stored in data storing means comprises:

a step for reading a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means;

a step for holding the revocation list in a referable state in consecutively differing processing within the memory interface; and

a step for making reference to the revocation list set in the memory interface and judging whether data reproduction processing is permissible or impermissible.


[0045] Further, an embodiment of the data reproducing method according to the present invention further comprises: a step for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding an identifier data of at least one of a data recording device or contents which are the object of forbidding processing, as to the memory interface which performs access to data storing means, from a control unit, as processing at the time of activation; and a step at the memory interface for reading the revocation list into the memory interface in response to reception of the revocation list set command, and executing revocation list set processing to enable reference processing within the memory interface.

[0046] Further, according to an embodiment of the data reproducing method according to the present invention, a data tampering check is executed based on a data integrity check value (ICV) for the revocation list read into the memory interface, and wherein revocation list set processing which enables reference processing within the memory interface is executed under the condition that a no data tampering judgment has been made.

[0047] Further, an embodiment of the data reproducing method according to the present invention, further comprises, at the memory interface, a step for receiving a data storing means identifier from data storing means wherein data which is the object of reproducing is recorded, collation is executed between the received data storing means identifier and an identifier listed in the revocation list set in the memory interface, and in the event that the identifiers mutually match, canceling the data reproducing processing.

[0048] Further, an embodiment of the data reproducing method according to the present invention further comprises, at the memory interface, a step for obtaining an identifier of contents which are the object of reproducing from header information of the contents stored in the data storing means, executing collation between the obtained contents identifier and an identifier listed in the revocation list set in the memory interface, and in the event that the identifiers mutually match, canceling the data reproducing processing.
[0049] Further, according to a tenth aspect of the 
present invention, 

a data recording method for executing recording 
processing of contents to be recorded in data storing 
means comprises: 

a step for reading in a revocation list holding identifier
data of at least one of data storing means or
contents which are the object of forbidding processing
into a memory interface which performs access
to data storing means;

a step for holding the revocation list in a referable
state in consecutively differing processing within
the memory interface; and

a step for making reference to the revocation list set
in the memory interface and judging whether data
recording processing is permissible or impermissible.

[0050] Further, an embodiment of the data recording
method according to the present invention further
comprises: a step for executing transmitting processing of a
revocation list set command, which is a set command
for the revocation list holding identifier data of at least
one of data storing means or contents which are the
object of forbidding processing, as to the memory interface,
which performs access to data storing means,
from a control unit, as processing at the time of
activation; a step at the memory interface for reading the
revocation list into the memory interface in response to
reception of the revocation list set command, and executing
revocation list set processing to enable reference
processing within the memory interface; and a step for
making reference to the revocation list set in the memory
interface and judging whether data recording processing
is permissible or impermissible.
[0051] Further, with an embodiment of the data recording
method according to the present invention, a data
tampering check is executed based on a data integrity
check value (ICV) for the revocation list read into the
memory interface, and revocation list set processing
which enables reference processing within the memory
interface is executed under the condition that a no data
tampering judgment has been made.
[0052] Further, an embodiment of the data recording
method according to the present invention further
comprises, at the memory interface, a step for receiving a
data storing means identifier from data storing means
wherein data which is the object of reproducing is
recorded, collation is executed between the received data
storing means identifier and an identifier listed in the
revocation list set in the memory interface, and in the event
that the identifiers mutually match, canceling the data
recording processing.

[0053] Further, an eleventh aspect of the present invention
is a program providing medium for providing a
computer program for causing execution on a computer
system for reproduction processing of contents stored
in data storing means, wherein the computer program
comprises:

a step for reading a revocation list holding identifier
data of at least one of data storing means or contents
which are the object of forbidding processing
into a memory interface which performs access to
data storing means;

a step for holding the revocation list in a referable
state in consecutively differing processing within
the memory interface; and

a step for making reference to the revocation list set
in the memory interface and judging whether data
reproduction processing is permissible or impermissible.

[0054] Further, a twelfth aspect of the present invention
is a program providing medium for providing a computer
program for causing execution on a computer system
for recording processing for contents to be recorded
in data storing means, wherein the program comprises:

a step for reading in a revocation list holding identifier
data of at least one of data storing means or
contents which are the object of forbidding processing
into a memory interface which performs access
to data storing means;

a step for holding the revocation list in a referable
state in consecutively differing processing within
the memory interface; and

a step for making reference to the revocation list set
in the memory interface and judging whether data
recording processing is permissible or impermissible.

[0055] According to a thirteenth aspect of the present 
invention, 

a data reproducing device for executing reproduc- 
ing processing of contents stored in data storing means 
has: 

a memory interface for executing accessing to the 
data storing means, and a control unit for executing 
control of the memory interface; 
the memory interface having 
internal memory storing a revocation list holding 
identifier data for each of data storing device and 
contents which are the object of forbidding process- 
ing; 

wherein the memory interface has a configuration
wherein a data storing means identifier is received from
data storing means wherein data which is the object of
reproducing is recorded, collation is executed between
the received data storing means identifier and an identifier
listed in the revocation list, and in the event that the
identifiers mutually match, the data reproducing
processing is cancelled;

and wherein an identifier of contents which are the
object of reproducing is obtained from header information
of the contents stored in the data storing means,
collation is executed between the obtained contents
identifier and an identifier listed in the revocation list,
and in the event that the identifiers mutually match, the
data reproducing processing is cancelled.
[0056] Further, according to an embodiment of the da- 
ta reproducing device according to the present inven- 
tion, the memory interface receives an identifier of data 
storing means which are media, based on a media rec- 
ognition command from the control unit, and executes 
collation processing between the received data storing 
means identifier and an identifier listed in the revocation 
list. 

[0057] Further, according to an embodiment of the da- 
ta reproducing device according to the present inven- 
tion, the memory interface performs mutual authentica- 
tion processing with data storing means which are me- 
dia, based on a media recognition command from the 
control unit, receives a data storing means identifier in 
the mutual authentication processing, and executes
collation processing between the received data storing
means identifier and an identifier listed in the revocation
list.

[0058] Further, according to an embodiment of the data
reproducing device according to the present invention,
the memory interface obtains a contents identifier
stored in header information of contents to be reproduced,
based on a data reproduction request command
from the control unit, and executes collation processing
between the obtained contents identifier and an identifier
listed in the revocation list.
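
The set processing of [0046] and the two collation steps of [0055] to [0058], as an added example that is not part of the patent text: a model of the memory interface that holds a revocation list only after its ICV verifies, then cancels media recognition or reproduction when an identifier matches. The byte layouts, all class and function names, the fail-closed behaviour when no list is set, and HMAC-SHA256 standing in for the ICV computation are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

# Assumed layouts (not from the patent text). List: version u32, media count u16,
# contents count u16, 8-byte media IDs, 8-byte contents IDs, 32-byte ICV.
# Stored contents: 8-byte contents ID, payload length u16, payload.
ID_LEN, ICV_LEN = 8, 32
LIST_HDR = struct.Struct(">IHH")
CONTENT_HDR = struct.Struct(">8sH")


class Cancelled(Exception):
    """The memory interface cancelled the requested processing."""


def compute_icv(key, data):
    # HMAC-SHA256 stands in for the ICV computation (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()


def build_revocation_list(key, version, media_ids, contents_ids):
    body = LIST_HDR.pack(version, len(media_ids), len(contents_ids))
    body += b"".join(media_ids) + b"".join(contents_ids)
    return body + compute_icv(key, body)


class MemoryInterface:
    def __init__(self, icv_key):
        self._key = icv_key
        self.version, self.list_set = None, False  # set only after ICV check
        self._revoked_media = self._revoked_contents = frozenset()
        self._mounted = None

    def set_revocation_list(self, blob):
        """Revocation list set command: hold the list only if the ICV verifies."""
        if len(blob) < LIST_HDR.size + ICV_LEN:
            raise Cancelled("revocation list truncated")
        body, icv = blob[:-ICV_LEN], blob[-ICV_LEN:]
        if not hmac.compare_digest(compute_icv(self._key, body), icv):
            raise Cancelled("ICV mismatch: revocation list tampered")
        version, n_media, n_contents = LIST_HDR.unpack_from(body)
        ids = body[LIST_HDR.size:]
        if len(ids) != (n_media + n_contents) * ID_LEN:
            raise Cancelled("revocation list counts do not match its length")
        entries = [ids[i:i + ID_LEN] for i in range(0, len(ids), ID_LEN)]
        self._revoked_media = frozenset(entries[:n_media])
        self._revoked_contents = frozenset(entries[n_media:])
        self.version, self.list_set = version, True

    def _require_list(self):
        # Failing closed without a verified list is this example's choice.
        if not self.list_set:
            raise Cancelled("no verified revocation list is set")

    def recognize_media(self, media_id):
        """Media recognition command: collate the media ID at mount time."""
        self._require_list()
        self._mounted = None if media_id in self._revoked_media else media_id
        if self._mounted is None:
            raise Cancelled("media identifier is revoked")

    def reproduce(self, stored):
        """Data reproduction request: collate the contents ID in the header."""
        self._require_list()
        if self._mounted is None:
            raise Cancelled("no recognized media is mounted")
        if len(stored) < CONTENT_HDR.size:
            raise Cancelled("contents header truncated")
        contents_id, length = CONTENT_HDR.unpack_from(stored)
        if contents_id in self._revoked_contents:
            raise Cancelled("contents identifier is revoked")
        return stored[CONTENT_HDR.size:CONTENT_HDR.size + length]


def attempt(fn, arg):
    try:
        fn(arg)
        return "ok"
    except Cancelled as exc:
        return str(exc)


def demo():
    key = b"constructed-key!"  # every value below is constructed sample data
    blob = build_revocation_list(key, 2, [b"MEDIA-66"], [b"CONT-013"])
    tampered = blob[:LIST_HDR.size] + b"X" + blob[LIST_HDR.size + 1:]
    good = CONTENT_HDR.pack(b"CONT-001", 5) + b"audio"
    bad = CONTENT_HDR.pack(b"CONT-013", 5) + b"audio"
    mi = MemoryInterface(key)
    steps = [(mi.set_revocation_list, tampered), (mi.reproduce, good),
             (mi.set_revocation_list, blob), (mi.recognize_media, b"MEDIA-66"),
             (mi.reproduce, good), (mi.recognize_media, b"MEDIA-01"),
             (mi.reproduce, bad), (mi.reproduce, good)]
    return [attempt(fn, arg) for fn, arg in steps]


if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the list is committed to the interface only after the ICV and length checks pass, a rejected list leaves any previously held list in place.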
[0059] Further, according to an embodiment of the da- 
ta reproducing device according to the present inven- 
tion, the memory interface has a configuration for exe- 
cuting a data tampering check based on a data integrity 
check value (ICV) with regard to an updating revocation 
list which is externally received, whereby a no data tam- 
pering judgment is made; and wherein comparison 
processing between the version of an updating revoca- 
tion list which is externally received, and the version of 
a revocation list which has already been stored in the 
internal memory, is executed, and updating processing 
of the revocation list by the updating revocation list is 
executed under the condition of confirmation that the 
version of the revocation list stored in the internal mem- 
ory is newer than the updating revocation list. 
[0060] Further, according to a fourteenth aspect of the 
present invention, 

a data recording device for executing recording 
processing of contents stored in data storing means 
has: 

a memory interface for executing accessing to the 
data storing means, and a control unit for executing 
control of the memory interface; 
the memory interface having internal memory stor- 
ing a revocation list holding identifier data for each 
of data storing device and contents which are the 
object of forbidding processing; 

wherein the memory interface has a configuration
wherein a data storing means identifier which is the
object of recording data is received, collation is executed
between the received data storing means identifier and
a list identifier in the revocation list, and in the event that
the identifiers mutually match, the data recording
processing is cancelled.

[0061] Further, according to an embodiment of the da- 
ta recording device according to the present invention, 
the memory interface receives an identifier of data stor- 
ing means which are media, based on a media recog- 
nition command from the control unit, and executes col- 
lation processing between the received data storing 
means identifier and an identifier listed in the revocation 
list. 

[0062] Further, according to an embodiment of the da- 
ta recording device according to the present invention, 
the memory interface performs mutual authentication 
processing with data storing means which are media, 
based on a media recognition command from the control 
unit, receives a data storing means identifier in the mu- 
tual authentication processing, and executes collation 
processing between the received data storing means 
identifier and an identifier listed in the revocation list.
[0063] Further, according to a fifteenth aspect of the
present invention,

with a data reproducing method for executing re- 
producing processing of contents stored in data storing 
means; 

at a memory interface for executing accessing to
the data storing means, a data storing means identifier
is received from data storing means wherein data which
is the object of reproducing is recorded, collation is
executed between the received data storing means identifier
and an identifier listed in the revocation list, and in
the event that the identifiers mutually match, the data
reproducing processing is cancelled;

and an identifier of contents which are the object
of reproducing is obtained from header information of
the contents stored in the data storing means, collation
is executed between the obtained contents identifier
and an identifier listed in the revocation list, and in the
event that the identifiers mutually match, the data
reproducing processing is cancelled.
[0064] Further, an embodiment of the data reproduc- 
ing method according to the present invention has a 
configuration wherein the memory interface receives an 
identifier of data storing means which are media, based 
on a media recognition command from a control unit, 
and executes collation processing between the received 
data storing means identifier and an identifier listed in 
the revocation list. 

[0065] Further, according to an embodiment of the data
reproducing method according to the present invention,
the memory interface performs mutual authentication
processing with data storing means which are media,
based on a media recognition command from a control
unit, receives a data storing means identifier in the
mutual authentication processing, and executes collation
processing between the received data storing
means identifier and an identifier listed in the revocation
list.

[0066] Further, according to an embodiment of the da- 
ta reproducing method according to the present inven- 
tion, the memory interface obtains a contents identifier 
stored in header information of contents to be repro- 
duced, based on a data reproduction request command 
from a control unit, and executes collation processing 
between the obtained contents identifier and an identi- 
fier listed in the revocation list. 
[0067] Further, according to a sixteenth aspect of the 
present invention, 

with a data recording method for executing record- 
ing processing of contents stored in data storing means; 

at a memory interface for executing accessing to 
the data storing means, an identifier of the data storing 
means which is the object of recording data is received, 
collation is executed between the received data storing 
means identifier and a list identifier in the revocation list, 
and in the event that the identifiers mutually match, 
processing for canceling data recording is executed. 
[0068] Further, according to an embodiment of the data
recording method according to the present invention,
the memory interface receives an identifier of data storing
means which are media, based on a media recognition
command from a control unit, and executes collation
processing between the received data storing
means identifier and an identifier listed in the revocation
list.

[0069] Further, according to an embodiment of the data
recording method according to the present invention,
the memory interface performs mutual authentication
processing with data storing means which are media,
based on a media recognition command from the control
unit, receives a data storing means identifier in the
mutual authentication processing, and executes collation
processing between the received data storing means
identifier and an identifier listed in the revocation list.
[0070] Further, a seventeenth aspect of the present
invention is

a program providing medium for providing a computer
program for causing execution on a computer system
for reproducing processing of contents stored in data
storing means, wherein the computer program
comprises:

a step for, at a memory interface for executing
accessing to the data storing means, receiving a data
storing means identifier from data storing means
wherein data which is the object of reproducing is
recorded, executing collation between the received
data storing means identifier and an identifier listed
in the revocation list, and in the event that the
identifiers mutually match, canceling the data reproducing
processing; and

a step for obtaining an identifier of contents which
are the object of reproducing from header information
of the contents stored in the data storing
means, executing collation between the obtained
contents identifier and an identifier listed in the
revocation list, and in the event that the identifiers
mutually match, canceling the data reproducing
processing.

[0071] Further, an eighteenth aspect of the present
invention is

a program providing medium for providing a computer
program for causing execution on a computer system
for recording processing of contents to be stored in
data storing means, wherein the computer program
comprises:

a step for, at a memory interface for executing
accessing to the data storing means, receiving an
identifier of the data storing means which is the
object of recording data, executing collation between
the received data storing means identifier and a list
identifier in the revocation list, and in the event that
the identifiers mutually match, canceling the data
recording.

[0072] Now, the program providing medium relating
to the present invention is a medium for providing a
computer program in a computer-readable format to a
general-purpose computer system capable of executing
various types of program code, for example. The medium
is not particularly restricted in form, such as to
recording media such as CDs, FDs, MOs, or the like, or
to transfer media such as networks or the like.
[0073] Such a program providing medium defines the 
structural or functional cooperative relation between the 
computer program and providing medium, for realizing 
the functions of a particular computer program on a 
computer system. In other words, installing a computer 
program in a computer system through the providing 
medium causes the cooperative operations to be man- 
ifested on the computer system, so operations the same 
as the other aspects of the present invention can be ob- 
tained. 

[0074] Other objects, characteristics, and advantages 
of the present invention will become more apparent from 
detailed description based on the later-described em- 
bodiments of the present invention and the attached 
drawings. 

Brief Description of the Drawings 
[0075] 

Fig. 1 is a diagram explaining the concept of use of 
the data processing device according to the present 
invention. 

Fig. 2 is a diagram illustrating the configuration of 
the device and media of the data processing device 
according to the present invention. 
Fig. 3 is a diagram illustrating the memory storage 
data configuration of the data processing device ac- 
cording to the present invention. 
Fig. 4 is a diagram illustrating the detailed configu- 
ration of a memory interface of the device of the da- 
ta processing device according to the present in- 
vention. 

Fig. 5 is a diagram illustrating the data configuration 
in a status register in the memory interface with the 
data processing device according to the present in- 
vention. 

Fig. 6 is a diagram illustrating the detailed configu- 
ration of data stored in media with the data process- 
ing device according to the present invention. 
Fig. 7 is a diagram explaining the configuration of a 
security header set corresponding to the contents 
stored in media with the data processing device ac- 
cording to the present invention. 
Fig. 8 is a diagram illustrating two forms of data en- 
cryption with the data processing device according 
to the present invention. 

Fig. 9 is a diagram illustrating the configuration of a
revocation list with the data processing device
according to the present invention.
Fig. 10 is a diagram explaining a block permission
table (BPT) with the data processing device
according to the present invention.
Fig. 11 is a diagram illustrating the BPT storing
processing flow at the time of manufacturing media
1, with the data processing device according to the
present invention.
Fig. 12 is a diagram illustrating the BPT storing
processing flow at the time of manufacturing media
2, with the data processing device according to the
present invention.
Fig. 13 is a diagram describing a specific example
of a block permission table (BPT) with the data
processing device according to the present invention.
Fig. 14 is a diagram explaining an integrity check value
generating processing configuration with the data
processing device according to the present invention.
Fig. 15 is a diagram explaining an integrity check value
validating processing flow with the data processing
device according to the present invention.
Fig. 16 is a diagram illustrating a flow at the time of
activating the device with the data processing device
according to the present invention.
Fig. 17 is a diagram explaining a configuration example
of a file allocation table with the data processing
device according to the present invention.
Fig. 18 is a diagram illustrating a flow (part 1) at the
time of recognizing media 1 with the data processing
device according to the present invention.
Fig. 19 is a diagram illustrating a flow (part 2) at the
time of recognizing media 1 with the data processing
device according to the present invention.
Fig. 20 is a diagram illustrating a flow (part 1) at the
time of recognizing media 2 with the data processing
device according to the present invention.
Fig. 21 is a diagram illustrating a flow (part 2) at the
time of recognizing media 2 with the data processing
device according to the present invention.

Fig. 22 is a diagram illustrating a mutual authentication
processing sequence executed between device
and media with the data processing device
according to the present invention.
Fig. 23 is a diagram illustrating a mutual authentication /
key sharing processing flow (part 1) with the
data processing device according to the present
invention.
Fig. 24 is a diagram illustrating a mutual authentication /
key sharing processing flow (part 2) with the
data processing device according to the present
invention.
Fig. 25 is a diagram illustrating a file read-out
processing flow with the data processing device
according to the present invention.

Fig. 26 is a diagram illustrating a file writing processing
flow with the data processing device according
to the present invention.
Fig. 27 is a diagram explaining a form of encryption
processing of data stored in memory with the data
processing device according to the present invention.
Fig. 28 is a diagram explaining triple DES capable
of application as a form of encryption processing of
data stored in memory with the data processing device
according to the present invention.
Fig. 29 is a diagram explaining a form of encryption
processing of data stored in memory with the data
processing device according to the present invention.
Fig. 30 is a diagram explaining a form of encryption
processing of data stored in memory with the data
processing device according to the present invention.
Fig. 31 is a diagram explaining a form of storage
processing of integrity check values according to
sector, with the data processing device according
to the present invention.
Fig. 32 is a diagram explaining an example of encryption
processing of contents keys corresponding
to sector and other keys, with the data processing
device according to the present invention.
Fig. 33 is a diagram explaining an example of decryption
processing of contents keys corresponding
to sector and other keys, with the data processing
device according to the present invention.
Fig. 34 is a diagram explaining an example of
processing of contents keys corresponding to sector
and other keys, between device and media, with
the data processing device according to the present
invention.
Fig. 35 is a diagram illustrating the decryption read-out
processing flow (part 1) of a file, with the data
processing device according to the present invention.
Fig. 36 is a diagram illustrating the decryption read-out
processing flow (part 2) of a file, with the data
processing device according to the present invention.
Fig. 37 is a diagram illustrating a decryption
processing flow of contents keys and others, with
the data processing device according to the present
invention.
Fig. 38 is a diagram illustrating a decryption
processing flow of contents keys and others by a
media storing key, with the data processing device
according to the present invention.
Fig. 39 is a diagram illustrating the decryption
processing flow (part 1) of sector data, with the data
processing device according to the present invention.
Fig. 40 is a diagram illustrating the decryption
processing flow (part 2) of sector data, with the data
processing device according to the present invention.

Fig. 41 is a diagram illustrating the encryption writing
processing flow (part 1) of a file, with the data
processing device according to the present invention.
Fig. 42 is a diagram illustrating the encryption writing
processing flow (part 2) of a file, with the data
processing device according to the present invention.
Fig. 43 is a diagram illustrating an encryption
processing flow of contents keys and others, with
the data processing device according to the present
invention.
Fig. 44 is a diagram illustrating an encryption
processing flow of contents keys and others by a
media storing key, with the data processing device
according to the present invention.
Fig. 45 is a diagram illustrating the encryption
processing flow (part 1) of sector data, with the data
processing device according to the present invention.
Fig. 46 is a diagram illustrating the encryption
processing flow (part 2) of sector data, with the data
processing device according to the present invention.
Fig. 47 is a diagram illustrating a revocation list
updating processing flow with the data processing device
according to the present invention.

Best Mode for Carrying Out the Invention 

[0076] The following is a description of embodiments 
of the present invention. 

[System Configuration] 

[0077] Fig. 1 illustrates a contents distribution system
configuration to which the data processing device
according to the present invention can be applied. Contents
such as, for example, music data, image data, and
various types of programs and the like are sent via a
network such as the Internet or the like, or stored in
media 103 which is one of various types of recording
media such as a CD, DVD, or memory card or the like
mounting flash memory, and received or mounted at the
device 102, and executed. The device is a device having
contents reproducing functions, for example, a personal
computer (PC), a dedicated reproducing device,
a game device, etc., and has, for example, a display
device for displaying the image contents, and the input
device for inputting instructions from a user.
[0078] In the configuration of such a contents distri- 
bution system, the detailed configuration of the device 
reproducing the contents and the media storing the con- 
tents is shown in Fig. 2. 

[0079] Fig. 2 illustrates the detailed configuration of
the device 200, media 1 210, and media 2 230. The
media 1 210 is media having a control unit for supporting
only simple data read-out and writing processing, while
the media 2 230 is media having a controller for executing
mutual authentication processing with the device
mounting the media, and also executing encryption
processing of the contents to be stored in the media.
Both the media 1 210 and the media 2 230 can be mounted
to the device 200.
[0080] The device 200 shown in Fig. 2 has a communication
unit 201 for executing data transmission/reception
processing via data communication means such as
the internet or the like, an input unit 202 for inputting
various types of instructions, a display unit 203 for
executing display of messages, contents, etc., a device
controller 204 having a control unit 205 for executing control
of these and the memory interface (I/F) unit 300 having
interfacing functions for data input/output processing
with media, and the memory unit 207 serving as internal
memory storing a contents file group and revocation lists
of unauthorized media and contents as invalid information.
Note that data files such as revocation lists and the
like stored in the internal memory have a configuration
so as to be capable of being managed and read out by
a file allocation table.

[0081] At the time of reproducing the contents, the device
200 performs reproduction upon making confirmation
that the contents which are the object of reproduction
do not correspond to the invalid media or invalid
contents stored in the revocation list. In the event that
the contents which are the object of reproduction are listed
in the revocation list, a reproduction error occurs, and
reproducing processing is not executed. Revocation
lists, and reproduction processing applying a revocation
list, will be described in detail later.
[0082] The media 1 210 has a control unit 211 for controlling
data input/output, and the memory unit 212 for
storing contents, wherein the memory unit 212 not only
stores contents along with corresponding header information,
but also stores media ID which is identification
information unique to each medium, and further stores
a BPT (Block Permission Table) which is an access permission
table describing memory access control information.
[0083] Following recognizing the media, the file system
of the device 200 reads in the BPT which is the access
permission table from the media, and transfers the BPT
to the memory interface unit 300 which performs direct
access to the media, where it is managed. Upon receiving
the BPT, the memory interface unit 300 performs
validation of the integrity check value (ICV) with regard
to the received BPT. The BPT is stored as being valid
only in the event that the ICV is judged to be authenticated.
In the event of receiving a command for accessing
the memory of the media, the memory interface unit
300 only executes access which is based on the BPT of
the media. The configuration of a BPT and processing
using a BPT will be described in detail later.
[0084] The media 2 230 is configured of a controller
231 and a memory unit 232, wherein the memory unit
232 stores contents along with corresponding header
information, and further stores a BPT (Block Permission
Table) which is an access permission table. The controller
231 has a memory interface (I/F) unit 234 serving as
a data storing or data read-out interface for the memory
unit 232, and media 2 ID serving as an identifier for media,
internal memory 235 storing an authentication key
Kake applied to mutual authentication processing, a
storing key Ksto which is an encryption key used at the
time of storing contents to the memory unit 232, and further,
the initial value IV_keys at the time of encrypting
keys which are the object of encryption, and so forth,
and encryption processing unit 236 having a register, for
executing authorization processing or encryption/decryption
processing of contents, and a control unit 233
for controlling these components.

[Memory configuration in media] 

[0085] Next, the data storing configuration of the
memory units of the media 1 210 and the media 2 230
is shown in Fig. 3. The memory unit is, for example,
flash memory which is a sort of non-volatile memory that
is electrically rewritable, called EEPROM (Electrically
Erasable Programmable ROM), and data erasing is performed
by batch erasing in increments of blocks.
[0086] As shown in Fig. 3 (a), the flash memory has 
multiple blocks, No. 1 through N, each block being con- 
figured by multiple sectors No. 1 through M as shown in 
(b), and each sector being configured of the data portion 
containing actual data, and a redundant portion contain- 
ing redundant data such as an error correction code and 
so forth, as shown in (c). Though described in detail lat- 
er, an ICV serving as a sector data integrity check value 
within the data portion of each sector may be stored in 
the redundant portion. 

[Primary commands] 

[0087] Next, in the device 200 shown in Fig. 2 the primary
commands issued at the control unit 205, and the
memory interface (I/F) unit 300, will be described.
[0088] First, commands from the control unit 205 to
the memory interface (I/F) unit 300 include the following.

• Status read-out command 

[0089] Reads out the state of the status register which 
is set the current status in the memory interface. The 
memory interface (l/F) units 300 returns the contents of 
the status register. 

• Sector read-out command 

[0090] A data read-out processing command for a 
specified sector. 

• Sector write-in command 

[0091] A data writing processing command to a 
specified sector. 

• Sector decryption read-out command 

[0092] A command for executing processing for decrypting 
encrypted data of a specified sector and reading 
it out, based on information in a set header. 

• Sector encryption write-in command 

[0093] A command for executing processing for encrypting 
data and writing it to a specified sector, based 
on information in a set header. 

• Header generating command 

[0094] A command for executing processing for generating 
a header, based on specified parameters. 

• Header set command 

[0095] A command for executing processing for setting 
a header within the memory interface. 

• BPT set command 

[0096] A command for executing processing for setting 
a BPT within a memory interface. 

• Revocation list set command 

[0097] A command for executing processing for setting 
a revocation list, which is a list of unauthorized media 
and unauthorized contents, within the memory interface. 

• Updating revocation list check command 

[0098] A command for executing processing for 
checking whether or not it is acceptable to update the 
current revocation list to an updating revocation list. 

• Media 1 recognition command 

[0099] A command for executing processing to read 
out the media identifier (ID) of a connected media 1, and 
to check whether or not the ID is valid. 

• Media 2 recognition command 

[0100] A command for executing processing to perform 
mutual authentication with the connected media 2, 
and check whether or not the media identifier (ID) is valid. 

• File allocation table call-up command 

[0101] A command for executing processing for reading 
out a file allocation table within memory. 

• File allocation table updating command 

[0102] A command for executing processing for updating 
a file allocation table in the memory. 
[0103] Commands from the memory interface (I/F) 
unit 300 to the media 1 include the following. 

• ID read-out command 

[0104] A command for executing processing for reading 
out the ID which the media 1 has. 

[Detailed configuration of memory interface within device] 

[0105] Next, the detailed configuration of the memory 
interface (I/F) unit 300 within the device 200 is shown in 
Fig. 4. The functions of the components thereof will be 
described. 

• Status register 301 

[0106] A register for storing the internal status of the 
memory interface. The configuration example of the status 
register 301 is shown in Fig. 5. Each of the bits has 
the following meaning. 

• Bit 0: busy flag (1: busy, 0: ready) 

[0107] A bit for judging whether or not the memory interface 
is performing internal processing. 

• Bit 1: read-out success flag (1: success, 0: fail) 

[0108] A bit for judging whether or not reading out of 
data from memory has succeeded. 

• Bit 2: write-in success flag (1: success, 0: fail) 

[0109] A bit for judging whether or not writing data to 
the memory has succeeded. 

• Bit 3: media 1 set flag (1: set, 0: not set) 

[0110] A bit for judging whether or not the connected 
media 1 is usable. 

• Bit 4: media 2 set flag (1: set, 0: not set) 

[0111] A bit for judging whether or not the connected 
media 2 is usable. 

• Bit 5: media 1 valid flag (1: valid (OK), 0: invalid (no good)) 

[0112] A bit for judging whether or not the identifier 
(ID) of the connected media 1 is not the object of media 
to be revoked within the revocation list. 

• Bit 6: media 2 valid flag (1: valid (OK), 0: invalid (no good)) 

[0113] A bit for judging whether or not the identifier 
(ID) of the connected media 2 is not the object of media 
to be revoked within the revocation list. 

• Bit 7: header set success flag (1: success, 0: fail) 

[0114] A bit for judging whether or not a header has 
been successfully set within the memory interface. 

• Bit 8: header generation success flag (1: success, 0: fail) 

[0115] A bit for judging whether or not generating of 
a header has been successful. 

• Bit 9: revocation list set flag (1: set, 0: not set) 

[0116] A bit for judging whether or not the revocation 
list has been successfully set in the memory interface. 

• Bit 10: updating revocation list valid flag (1: valid (OK), 
0: invalid (no good)) 

[0117] A bit for judging whether or not an updating 
revocation list is valid. 

[0118] The status register 301 holds this status information 
for the interface (I/F) unit 300. 
[0119] Returning to Fig. 4, let us continue the description 
of the functions of the components. 

• Command register 302 

[0120] Register for storing commands transmitted 
from the control unit 

• Address register 303 

[0121] Register for setting the data transfer start sector 

• Count register 304 

[0122] Register for setting the total number of sectors 
of data to be transferred 
[0123] Note that reading and writing data to and from 
external memory and internal memory is executed by 
setting a sector address for starting reading or writing in 
an address register, setting the total number of sectors 
to be read or written in the count register, and setting a 
sector read/write command in the command register. 

• Control register 305 

[0124] Register for setting the actions of the memory 
interface. 

• Transmission/reception control unit 306 

[0125] Performs control of the memory interface, such 
as the various registers and transmission/reception 
buffer. 

• Transmission buffer memory 307 

[0126] Buffer for storing transmission data 

• Reception buffer memory 308 

[0127] Buffer for storing reception data 

• Transmission register 309 

[0128] Register for transmitting data within the 
transmission buffer memory 307 

• Reception register 310 

[0129] Register for storing the received data and 
transferring it to the buffer memory 308 

• Encryption processing unit 320 

[0130] Performs various types of encryption processing 
on data within the transmission buffer memory 307 
and the reception buffer memory 308. 

• Memory unit 321 

[0131] An area for storing and saving key information 
necessary for encryption processing by the encryption 
processing unit 320, revocation lists read in from internal 
memory, and block permission tables (BPT) serving as 
access permission tables that are read in from external 
memory. In the event that both the revocation list and a 
block permission table (BPT) are set as valid within 
the memory interface, and the transmission/reception 
control unit 306 receives media recognition 
commands from the control unit or read/write 
commands for data in external memory, and so forth, 
processing is executed with reference to the set revocation 
list and block permission table (BPT). Such 
processing will be described in detail later with reference 
to flowcharts. 

[0132] Further, the following data is stored in the 
memory unit 321 as key information necessary for 
encryption processing. 

[0133] Kdist: A distributing key contained in the security 
header of contents other than contents stored in the 
media 2. The contents ICV generating key Kicv_cont 
and contents key Kc are encrypted. 
[0134] Kicv_sh: A security header ICV generating key 
used at the time of generating an ICV for a security 
header. 
[0135] IVsh: An initial value (IV: initial value) used for 
generating an ICV for a security header. 
[0136] MKake: A master key for mutual authentication. 
[0137] IVake: An initial value (IV: initial value) for 
application to the generating processing of a key for mutual 
authentication. 
[0138] IVauth: An initial value (IV: initial value) for 
generating data for mutual authentication. 
[0139] MKicvr_rl: A master key for generating an ICV 
key for a revocation list. 
[0140] IVicv_rl: An initial value (IV: initial value) for 
when generating an ICV key for a revocation list. 
[0141] IVrl: An initial value (IV: initial value) used when 
generating an ICV for a revocation list. 
[0142] IV_keys: An initial value (IV: initial value) for 
when encrypting a contents encryption key at the media 2. 
[0143] MKicv_bpt: A master key for generating an ICV 
key for a BPT (Block Permission Table) which is access 
permission information. 
[0144] IVicv_bpt: An initial value (IV: initial value) for 
when generating an ICV key for a BPT (Block Permission 
Table) which is access permission information. 
[0145] IVbpt: An initial value (IV: initial value) for a 
BPT (Block Permission Table) which is access permission 
information. 

• ECC circuit 323 

[0146] A dedicated block for performing ECC checks 
for data in the transmission register 309 and the reception 
register 310. 

• External memory input/output interface 324 

[0147] An input/output interface for external memory 
(media 1 and 2). Examples of external memory are memory 
cards mounting flash memory, and so forth. Contents, 
header information accompanying recording/reproducing 
of the contents, and further block permission 
tables (BPT), for example, are input and output via this 
external memory input/output interface. 

• Internal memory input/output interface 325 

[0148] An input/output interface for internal memory. 
Input and output is executed for revocation lists, for example, 
stored in internal memory, via the interface. 
[0149] The following signals are output to the external 
memory (media 1 and 2) or internal memory from the 
external memory input/output interface 324 and internal 
memory input/output interface 325, corresponding to 
the processing. 

CLE: Command Latch Enable 
ALE: Address Latch Enable 
CE: Chip Enable 
WE: Write Enable 
RE: Read Enable 

[0150] Also, as signals from external memory (media 
1 and 2), or from internal memory, 

WP: Write Protect (applied only to external memory (media 1 and 2)) 
RDY/BUSY: Ready/Busy 

these signals are input. 

[Configuration of contents stored in memory] 

[0151] Next, the configuration of contents stored in 
the flash memory of the media will be described with 
reference to Fig. 6. As shown in Fig. 6(a), contents 
such as music data, image data, etc., are configured 
of a security header made up of various types of 
attributes information, and contents which are the actual 
data portions. 

[0152] As shown in Fig. 6(b), pairs of security header 
portions of multiple contents and contents portions are 
stored in the flash memory of the media. As described 
above, the flash memory is erased in units of blocks, so 
one block stores a security header portion relating to the 
same contents or the contents portion, and processing 
wherein different contents are stored in one block is not 
performed except for cases wherein the batch erasing 
processing is permitted. 

[0153] The security header is attributes information 
regarding the contents. The data configuration of a security 
header is shown in Fig. 7. The contents of each 
piece of data will be described. 

• Format Version 

[0154] Indicates the format version of the security 
header. 

• Content ID 

[0155] Indicates an identifier (ID) of contents. 

• Content Type 

[0156] Indicates the type of contents. For example, 
contents stored in media 1 or media 2, or broadcast 
contents, etc. 

• Data Type 

[0157] Indicates the attributes of the contents, for example, 
whether they are data such as music, images, etc., or 
a program, and so forth. 

• Encryption Algorithm 

[0158] Indicates the encryption processing algorithm 
using the contents key (Kc) of the contents. For example, 
indicates whether the encryption is by DES, 
Triple-DES, and so forth. 

• Encryption Mode 

[0159] Indicates the encryption mode with regard to 
the algorithm specified by Encryption Algorithm. For example, 
indicates whether ECB mode or CBC mode, etc. 

• Encryption Format Type 

[0160] Indicates the encryption format of contents. 
[0161] A type wherein the entire contents are encrypted 
with one contents key Kc is Type 1, and a form wherein 
the contents are encrypted by a different key Ksec_n 
being applied to each sector of the contents is Type 2. 
[0162] Fig. 8 shows the encryption format configuration 
for either type. Fig. 8(a) shows the memory storage 
configuration of the contents encrypted by the Type 1 
encryption format, and Fig. 8(b) shows the memory storage 
configuration of the contents encrypted by the Type 
2 encryption format. 

[0163] The Type 1 encryption format shown in Fig. 8(a) 
is a configuration wherein all contents are encrypted 
with one contents key Kc and stored in memory, i.e., 
sector non-dependent encryption processing. The Type 
2 encryption format shown in Fig. 8(b) is a configuration 
wherein different sector keys Ksec_1 through Ksec_m 
are applied to each sector of the flash memory and the 
encrypted contents are stored, i.e., sector-dependent 
encryption processing. For example, with Sector 1 of the 
flash memory in Fig. 8(b), Ksec_1 is set as an encryption 
key corresponding to Sector 1, and contents to be 
stored in Sector 1 are all subjected to encryption 
processing applying Ksec_1, and stored in each block. 
With Sector m of the flash memory, Ksec_m is set as an 
encryption key corresponding to Sector m, and contents 
to be stored in Sector m are all subjected to encryption 
processing applying Ksec_m, and stored. 
[0164] In this way, with the configuration of the 
present invention, contents encryption processing is applied 
wherein different encryption keys are applied for 
each sector. Further, the various encryption forms can 
be applied to the processing form applying a different 
encryption key to each sector, such as single DES 
processing wherein one key is applied to one sector, 
processing by triple DES wherein multiple keys are applied 
to one sector, and so forth. These processing 
forms will be described in detail later. 
[0165] Now, let us return to Fig. 7 and continue the 
description of the configuration of a security header. 

• Encryption Flag 

[0166] A flag indicating encryption/non-encryption of 
each sector within a block. There are as many flags as 
the number of sectors in the block (e.g., 32 sectors). For 
example, 0: non-encrypted sector, 1: encrypted sector. 
In the present embodiment, one block is 32 sectors. 

• ICV Flag 

[0167] A flag indicating ICV addition/non-addition for 
each sector within the block. There are as many flags 
as the number of sectors in the block (e.g., 32 sectors). 
For example, 0: no ICV, 1: ICV added. 

• Encrypted contents key (Kc_Encrypted 0-31) 

[0168] Storage area for encrypted contents keys (32). 

• Encrypted ICV generating key (Kicv_cont_encrypted) 

[0169] Storage area for key for creating ICV for 
encrypted contents. 

• Valid Revocation List version 

[0170] The version of the revocation list validly applied 
for contents reproduction. 
[0171] In the event that the version of the set revocation 
list is older than this at the time of reproducing contents, 
reproduction is not permitted. Also, 0 is set for 
contents wherein there is no need to apply reference to 
a revocation list, such as reproduction processing of data 
stored within the own device, and so forth. 

• ICV of Security Header 

[0172] Integrity check value (ICV) of security header 

[Revocation list] 

[0173] Next, the configuration of a revocation list, 
which is invalid information of unauthorized media and 
contents, will be described. Fig. 9 shows the configuration 
of a revocation list. The following is a description of 
each type of data. 

• Revocation List ID 

[0174] An ID serving as an identifier unique to the 
revocation list. 

• Revocation List Version 

[0175] Indicates the version of the revocation list. The 
revocation list is updated, and invalid information of 
unauthorized media and contents is newly added at the 
time of updating. 

[0176] With the configuration of the present invention, 
version information is set in the revocation list, and version 
information of the valid revocation list is set in the header 
of the contents. At the time of reading out the contents, 
the version of the revocation list which the device 
currently holds, and the version of the valid revocation 
list in the header of the contents, are compared. At this 
time, in the event that the version of the revocation list 
currently being held is older, reading out of the contents 
is cancelled. Consequently, the contents cannot be read 
out unless the revocation list is updated. 
[0177] Also, at the time of updating the revocation list, 
the memory interface unit compares the version information 
of the current revocation list and the version information 
of the updating revocation list, and only in the 
event that judgement is made that the updating revocation 
list is newer is updating of the revocation list permitted. 
[0178] New/old comparison processing of the revocation 
list using version information, and examples of specific 
processing of the updating processing, will be described 
in detail later with reference to processing flowcharts. 

• Number of Media1 ID 

[0179] The total number of invalid media 1 (Media1 
ID). 

• Media1 ID(0) through Media1 ID(L-1) 

[0180] A list of identifiers of invalid media 1. 

• Number of Media2 ID 

[0181] The total number of invalid media 2 (Media2 
ID). 

• Media2 ID(0) through Media2 ID(M-1) 

[0182] A list of identifiers of invalid media 2. 

• Number of Contents ID 

[0183] The total number of invalid contents IDs 

• Contents ID(0) through Contents ID(N-1) 

[0184] A list of invalid contents identifiers. 

• ICV of Revocation List 

[0185] ICV for tampering check for revocation list. 
[0186] As described above, a revocation list according 
to the present invention is configured of identifiers 
(ID) of multiple types (media, contents). In this way, mul- 
tiple contents and media can be revoked with a single 
revocation list, by providing multiple types of IDs which 
are the object of revoking, i.e., media ID and contents 
ID, in a revocation list which is invalid information of contents 
and media, and collation thereof is performed as 
differing operations. Use of unauthorized media and 
reading out of unauthorized contents can be forbidden 
by executing collation between the identifier (ID) of the 
media used or contents used, and IDs listed in the rev- 
ocation list at the memory interface unit, at the time of 
inserting the media or reading out the contents. 
[0187] In this way, due to the configuration wherein 
multiple IDs of contents and media are set in a single 
revocation list, multiple types of media and contents can 
be revoked with a single revocation list. The validation 
processing of media based on a revocation list at the 
time of activating the media, and specific processing of 
the contents validating processing at the time of 
processing the contents, will be described later. 
[0188] Also, with the configuration of the present invention, 
the revocation list is set up to a memory interface 
which directly accesses external memory and the 
like, and following the set up can be consecutively used 
at the memory interface when mounting media or when 
reproducing contents, which does away with the need 
for processing such as repeatedly reading out from the 
internal memory at the time of using contents, so 
processing is efficiently executed. 
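
The version gating and ID collation described in this section, as an added C example that is not part of the original document. ID widths, list capacity, function names and all sample values are assumptions, and the ICV check on the list is taken as already passed.

```c
/* Added example (not from the patent): revocation-list version gating and
 * ID collation. ID widths, list sizes and all values are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IDS 8

struct revocation_list {
    uint32_t version;                      /* Revocation List Version */
    size_t   n_media1, n_media2, n_contents;
    uint64_t media1_id[MAX_IDS];           /* invalid media 1 IDs */
    uint64_t media2_id[MAX_IDS];           /* invalid media 2 IDs */
    uint64_t contents_id[MAX_IDS];         /* invalid contents IDs */
};

struct security_header {
    uint64_t content_id;
    uint32_t valid_rl_version;             /* 0: no revocation-list reference */
};

enum read_result { READ_OK = 0, READ_RL_TOO_OLD = 1, READ_CONTENT_REVOKED = 2 };

static int id_listed(const uint64_t *ids, size_t n, uint64_t id)
{
    for (size_t i = 0; i < n && i < MAX_IDS; i++)
        if (ids[i] == id)
            return 1;
    return 0;
}

/* Updating check: only a strictly newer list may replace the current one,
 * so replaying an older list with fewer entries is refused. */
int rl_update_permitted(const struct revocation_list *cur,
                        const struct revocation_list *cand)
{
    return cand->version > cur->version;
}

/* Mount-time collation; media_type is 1 or 2. Returns 1 when the ID is not
 * listed (the "media valid" status bit), 0 when revoked or type unknown. */
int media_valid(const struct revocation_list *rl, int media_type, uint64_t id)
{
    if (media_type == 1)
        return !id_listed(rl->media1_id, rl->n_media1, id);
    if (media_type == 2)
        return !id_listed(rl->media2_id, rl->n_media2, id);
    return 0;
}

/* Read-time check against the security header of the contents. */
enum read_result content_read_check(const struct revocation_list *rl,
                                    const struct security_header *hdr)
{
    if (hdr->valid_rl_version == 0)
        return READ_OK;                    /* header asks for no list reference */
    if (rl->version < hdr->valid_rl_version)
        return READ_RL_TOO_OLD;            /* device must update its list first */
    if (id_listed(rl->contents_id, rl->n_contents, hdr->content_id))
        return READ_CONTENT_REVOKED;
    return READ_OK;
}

/* Constructed sample lists: version 3 adds one contents ID to version 2. */
const struct revocation_list RL_V2 = {
    .version = 2, .n_media1 = 1, .n_media2 = 1, .n_contents = 1,
    .media1_id = { 0x1001 }, .media2_id = { 0x2001 }, .contents_id = { 0xC001 },
};
const struct revocation_list RL_V3 = {
    .version = 3, .n_media1 = 1, .n_media2 = 1, .n_contents = 2,
    .media1_id = { 0x1001 }, .media2_id = { 0x2001 },
    .contents_id = { 0xC001, 0xC002 },
};
const struct security_header HDR_NEEDS_V3 = { 0xC002, 3 };
const struct security_header HDR_CLEAN    = { 0xC100, 2 };
const struct security_header HDR_LOCAL    = { 0xC002, 0 };

int main(void)
{
    printf("update v2->v3: %d, v3->v2: %d\n",
           rl_update_permitted(&RL_V2, &RL_V3),
           rl_update_permitted(&RL_V3, &RL_V2));
    printf("read with v2 list: %d, with v3 list: %d, local: %d\n",
           content_read_check(&RL_V2, &HDR_NEEDS_V3),
           content_read_check(&RL_V3, &HDR_NEEDS_V3),
           content_read_check(&RL_V3, &HDR_LOCAL));
    printf("media 1 0x1001 valid: %d, 0x1002 valid: %d\n",
           media_valid(&RL_V3, 1, 0x1001), media_valid(&RL_V3, 1, 0x1002));
    return 0;
}
```

The strict greater-than comparison in the update check is what keeps a device from being rolled back to a list that omits recently revoked IDs.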

[Block Permission Table (BPT)] 

[0189] Next the configuration of the Block Permission 
Table (BPT) used as an access permission table will be 
described. Conventionally, in the event of executing re- 
production of contents on a personal computer or the 
like, for example, the file system of the operating system 
of the personal computer subjectively reads in and man- 
ages an access information table (e.g., a File Allocation 
Table; FAT) stored in the recording media, and the file 
system has been capable of freely rewriting the contents 
of the access information table. Accordingly, even in the 
event that there is a recording medium storing an access 
information table set to forbid writing, there is the possibility 
that the data within the recording medium might 
be rewritten by the file system reading that access in- 
formation table and rewriting it. 
[0190] The block permission table (BPT) employed 
with the data processing device according to the present 
invention is an access permission table of the media it- 
self stored in a block wherein rewriting by a device is 
forbidden. In the event that the device executes data 
processing such as rewriting contents data or the like 
using the media storing the BPT, the block permission 
table (BPT) is set in the memory interface unit of the 
device which directly accesses the media, so regardless 
of which program the control unit of the device is executing, 
memory access is performed following the permission 
information set in the block permission table (BPT) 
which is the access permission table of the media. 
[0191] Fig. 10 shows the configuration of a block permission 
table (BPT). Each set of data will be described 
now. 

• Format Version 

[0192] Indicates the format version of the BPT (Block 
Permission Table). There are various formats for the 
BPT itself as well, and this is data for identifying which 
of these it is. 

• BPT identifier (BPT ID) 

[0193] An identifier (ID) of the block permission table 
(BPT: Block Permission Table) 

• Block number (Number of Blocks) 

[0194] Indicates the total number of blocks handled 
by the BPT (Block Permission Table). As described 
above, the flash memory is erased in increments of 
blocks. This indicates the number of blocks managed 
by the BPT. 

• Block #1 through #n Permission Flag 

[0195] Indicates the access restriction flag for each 
block. For example, this indicates that a block with flag 
0 is a non-erasable block, and a block with flag 1 is an 
erasable block. 

• BPT-ICV (ICV of BPT) 

[0196] The ICV for tampering check of the BPT (Block 
Permission Table) 

[0197] Following recognition of the device, the file 
system of the device then reads the block permission 
table (BPT) from media such as a memory card or 
the like mounted with flash memory, for example, transfers 
the BPT to the memory interface which directly accesses 
the media, and causes the BPT to be managed 
as the access permission table for that media. The 
memory interface unit receives the access permission 
table and sets the BPT (e.g., in the memory unit 321 shown 
in Fig. 4). Upon receiving a command to access the 
memory of the media, the memory interface only executes 
access based on the access permission table of 
this media. 

[0198] Settings are made in the block permission table 
(BPT), such as processing forms permitted in increments 
of blocks of the flash memory of the media, specifically, 
settings regarding, for example, erasable 
blocks, non-erasable blocks, reproducible blocks, 
non-reproducible blocks, and so forth. The memory interface 
determines whether or not processing is permissible, 
following the BPT settings. Details of such processing 
will be described later. 
[0199] Also, an integrity check value ICV is set in the 
block permission table (BPT) for preventing tampering, 
and at the time of setting the BPT to the memory interface, 
an ICV check is executed, and in the event that 
judgement is made that there has been tampering, the 
BPT setting processing is not executed. Accordingly, 
creating and using an unauthorized access permission 
table can be prevented. The ICV of the BPT is generated 
based on the media identifier (ID). Accordingly, even in 
the event that the access permission table is copied to 
another media, that media cannot be used. The generation 
of an ICV will be described later. 
[0200] The block permission table (BPT) is written to 
a predetermined block of the memory (e.g., flash memory) 
at the time of manufacturing thereof, and shipped. 
At this time, block non-erasable settings are described 
in the block permission table (BPT) for the block within 
the memory where the block permission table (BPT) is 
stored. With the device according to the present invention, 
in the processing of erasing data stored in the 
media, reference is made to the BPT to determine 
whether or not erasing of each block is permissible 
as set in the BPT, following which only erasable 
blocks are erased, so erasing and rewriting of the BPT 
is prevented for media wherein the BPT storing block is 
set as being non-erasable. Writing and reproducing 
processing for files using the BPT within the media will 
be described later. 

[0201] Fig. 11 and Fig. 12 illustrate the flow for setting 
the block permission table (BPT) at the time of manufacturing 
the media (data recording medium mounting 
flash memory). Here, let us assume that generation of 
the media identifier (ID) and writing of the BPT are performed 
as a continuous operation through a media creating 
device wherein command communication can be 
made with the media. 

[0202] Fig. 11 is a setting flowchart of the block permission 
table (BPT) which is executed by the media creating 
device for the type of media 1 which does not have 
mutual authentication processing functions. Each process 
will be described. First, an ID read-out command is 
sent to a media wherein initializing settings have not yet 
been performed (S31), and upon receiving an ID stored 
in the media beforehand (S32), an ICV generating 
key Kicv_bpt is generated (S33) based on the ID. The 
ICV generating key Kicv_bpt is generated based on a 
master key MKicv_bpt, an initial value IVicv_bpt, and the 
BPT identifier (ID). Specifically, this is generated based 
on ICV generating key Kicv_bpt = DES (E, MKicv_bpt, 
ID^IVicv_bpt). What this equation means is that encryption 
processing is executed in the DES mode with the 
master key MKicv_bpt, on the exclusive-OR of the ID of 
the BPT and the initial value IVicv_bpt. 
[0203] Next, necessary parameters are set in the 
fields of the BPT (S34), and an ICV is generated based 
on the BPT where the parameters are set (applying the 
configuration described later with reference to Fig. 14) 
(S35), and the generated ICV is set in the ICV field of 
the BPT (S36). The block permission table (BPT) thus 
configured is written to the media 1 (S37). As described 
above, the block where the BPT is written is made to be 
a block set in the BPT as a non-erasable area. 
[0204] Fig. 12 is a flowchart for setting the block permission 
table (BPT) executed by a media creating device 
for the media 2 type having mutual authentication 
processing functions. Each of the processes will be described. 
First, mutual authentication processing and 
session key sharing (see the processing shown in Fig. 
22 described later, for these processes) is executed with 
the media 2 regarding which initialization setting has not 
yet been performed. 

[0205] Upon the mutual authentication and key sharing 
processing ending, an ID read-out command is sent 
to the media 2 (S41), the ID is read out, and an ICV generating 
key Kicv_bpt is generated based on the ID (S42). 
The ICV generating key Kicv_bpt is generated based on 
a master key MKicv_bpt, an initial value IVicv_bpt, and 
the BPT identifier (ID). Specifically, this is generated 
based on ICV generating key Kicv_bpt = DES (E, 
MKicv_bpt, ID^IVicv_bpt). What this equation means is 
that encryption processing is executed in the DES mode 
with the master key MKicv_bpt, on the exclusive-OR of 
the ID of the BPT and the initial value IVicv_bpt. 
[0206] Next, necessary parameters are set in the 
fields of the BPT (S45), and an ICV is generated based 
on the BPT where the parameters are set (applying the 
configuration described later with reference to Fig. 14) 
(S46), and the generated ICV is set in the ICV field of 
the BPT (S47). The block permission table (BPT) thus 
configured is written to the media 1 (S48). As described 
above, the block where the BPT is written is made to be 
a block set in the BPT as a non-erasable area. 
[0207] Fig. 13 shows a specific configuration example 
of a block permission table (BPT). Fig. 13(a) is the block 
configuration of the flash memory of the media 1 and 
media 2, and Fig. 13(b) is a block permission table 
(BPT). The block permission table (BPT) has a configuration 
wherein, following the format version, BPT ID, 
and number of blocks, whether each of the blocks is 
erasable (1) or non-erasable (0) is set, and finally the 
integrity check value of the BPT (ICV of BPT) is stored. 
The BPT storage block (block #2 in the example in Fig. 
13) of the memory is set in the block permission table 
(BPT) as a non-erasable area, thereby providing a configuration 
wherein erasing by the device is prevented, 
and rewriting of the BPT is not executed. 
[0208] Now, the configuration example of a block permission 
table (BPT) shown in Fig. 13 is a configuration 
where only whether each of the blocks is erasable (1) 
or non-erasable (0) is set, but an arrangement may be 
made wherein reading (reproduction) is permitted or not 
permitted, instead of a configuration wherein only access 
permission is set for erasing processing. For example, 
settings may be made such as reproduction and 
erasing not permitted (11), reproducible but non-erasable 
(10), non-reproducible but erasable (01), and reproducible 
and erasable (00). 

[0209] Now, as shown in Fig. 2, the media 2 has 
a control unit 231 within the media, such that the state 
of whether or not the block permission table (BPT) is set 
can be stored, so a configuration may be used wherein 
rewriting of the BPT is prevented, such that in the event 
that new BPT writing commands come from the device 
in the state that the BPT is set, these are not accepted. 

[0210] Note that BPT writing in the above example 
has been described with regard to a configuration executed 
through the media creating device which can perform 
command communication with the media, but the configuration 
may be such that writing of the BPT to the media 
is performed by a BPT created by a simple memory 
writer directly being written in, instead. However, in this 
case as well, the BPT storing block of the memory is set 
in the block permission table (BPT) as a non-erasable 
area. 

[Tampering check by integrity check value (ICV)] 

[0211] Next, description will be made regarding the
tampering check processing with the integrity check value
(ICV: Integrity Check Value). In the configuration of the
present invention, the integrity check value (ICV) is added
to the contents, block permission table, revocation list,
and so forth, stored in the data storing means, and is
applied for data tampering check processing for each. The
integrity check value with regard to the contents is of a
configuration which can be added in increments of sector
data. The specific form of the ICV processing added to the
contents, block permission table, revocation list, and so
forth, will be described later.

[0212] An example of generating an integrity check value
(ICV) using a DES encryption processing configuration is
shown in Fig. 14. As shown in the configuration in Fig. 14,
a message configuring the tampering check data which is the
object is divided into eight-byte units (hereafter, the
divided message is referred to as D0, D1, D2, ..., Dn-1).
The tampering check data may be the contents itself, for
example, or may be the configuration data of the BPT which
is the above-described access permission table, or may be
the configuration data of the revocation list.

[0213] First, the exclusive-OR is obtained from an initial
value (Initial Value (hereafter, IV)) and D0 (the results
thereof are taken as I1). Next, I1 is placed in the DES
encryption unit, and encryption is performed using the
integrity check value (ICV) generating key Kicv (the output
thereof is taken as E1). Next, the exclusive-OR of E1 and
D1 is obtained, the output I2 thereof is placed in the DES
encryption unit, and encryption is performed using the
integrity check value (ICV) generating key Kicv (output
E2). Subsequently, this is repeated, and encryption
processing is performed on all of the message. The EN which
is output at the end is taken as a contents check value
ICV.

[0214] In the event that the sameness of an authorized ICV
guaranteed not to be tampered with, for example, one
generated at the time of generating contents, and the ICV
newly generated based on the contents, is proved, i.e., in
the event that ICV' = ICV, an input message such as the
contents, BPT, or revocation lists, for example, is
guaranteed to be untampered with, but in the event that
ICV' ≠ ICV holds, judgement is made that there has been
tampering.

[0215] Fig. 15 shows a data tampering check processing flow
using ICV. First, data which is the object of the tampering
check is extracted (S11), and the ICV is calculated by the
DES encryption processing configuration shown in Fig. 14
for example, based on the extracted data (S12). As a result
of the calculations, the calculated ICV and the ICV stored
in the data are compared (S13), and in the event that these
match, judgement is made that there has been no tampering
with the data and that the data is valid (S14 through S15),
and in the event that these do not match, judgement is made
that there has been tampering with the data (S14 through
S16).

[0216] The integrity check value (ICV) generating key
Kicv_rl for tampering checking of the revocation list is
generated based on the master key MKicv_rl for generating
the ICV key for the revocation list stored within the
memory unit 321 (see Fig. 4) of the memory interface unit
300 of the device beforehand, the initial value IVicv_rl
for when generating the ICV of a revocation list, and the
revocation list version contained in the attributes
information of the revocation list. Specifically, this is
generated based on the integrity check value (ICV)
generating key Kicv_rl = DES (E, MKicv_rl, Version^IVicv_rl).
What this equation means is that encryption processing is
executed in the DES mode with the master key MKicv_rl, on
the exclusive-OR of the Version and the initial value
(IVicv_rl). The integrity check value of the revocation
list is executed by the ICV generating configuration shown
in Fig. 15 applying the integrity check value (ICV)
generating key Kicv_rl thus generated, using this initial
value IVrl (stored in the memory unit 321).

[0217] Also, the integrity check value (ICV) generating key
Kicv_bpt for tampering checking of the block permission
table (BPT) is generated based on the master key MKicv_bpt
for generating the ICV key for the BPT stored within the
memory unit 321 (see Fig. 4) of the memory interface unit
300 of the device beforehand, the initial value IVicv_bpt
for when generating the ICV key of a BPT, and the BPT
identifier (ID) contained in the BPT attributes
information. Specifically, this is generated based on the
integrity check value (ICV) generating key
Kicv_bpt = DES (E, MKicv_bpt, ID^IVicv_bpt). What this
equation means is that encryption processing is executed in
the DES mode with the master key MKicv_bpt, on the
exclusive-OR of the BPT ID and the initial value
(IVicv_bpt). The integrity check value of the block
permission table (BPT) is executed by the ICV generating
configuration shown in Fig. 15 applying the integrity check
value (ICV) generating key Kicv_bpt thus generated, using
this initial value IVbpt (stored in the memory unit 321).
Further, the ICV stored as accessory information to the BPT
is generated based on data within the BPT and data
containing the identifier (ID) of the media storing the
BPT. Accordingly, the ICV check of the BPT functions not
only to verify whether or not there has been tampering with
the data of the BPT, but also that the BPT is uniquely
valid to the media, i.e., that this is not a BPT copied to
a separate media.

[0218] Also, the integrity check value (ICV) generating key
Kicv_cont for tampering checking of the contents in
increments of sectors is encrypted and stored in the header
(security header) of the contents, and is obtained as
necessary by the encryption processing unit 320 (see Fig.
4) of the memory interface, or by decryption processing in
the DES-CBC mode executed by the controller 231 of the
media 2 following mutual authentication with the media 2.
These processes will be described in detail in the
description using the flowcharts.

[0219] In the event that, as a result of such a data
tampering check, tampering with a revocation list, for
example, becomes apparent, reproduction and the like of
contents based on reference processing to the revocation
list is forbidden, and in the event that judgement is made
such that there has been tampering with the BPT which is
the access permission table, processing is executed so that
accessing data of the media based on the BPT is forbidden.
These processes will be described in detail later.
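
The ICV scheme of paragraphs [0212] to [0217], as an added Go example that is not code from the patent: the Fig. 14 chain (DES used as a CBC-MAC), the key derivation K = DES(E, MK, selector XOR IV), and the Fig. 15 comparison. All keys, IVs and data are constructed sample values; the 8-byte encoding of the version, the whole-block input rule and the order "media ID, then BPT data" are assumptions the text does not fix.

```go
package main

import (
	"crypto/des"
	"crypto/hmac"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed sample secrets; the patent keeps these in memory unit 321 of the device.
var (
	mkRL, ivKeyRL, ivRL    = []byte("MKicv_rl"), []byte("IVicv_rl"), make([]byte, 8)
	mkBPT, ivKeyBPT, ivBPT = []byte("MKicvbpt"), []byte("IVicvbpt"), make([]byte, 8)
)

// xor8 returns a XOR b for two 8-byte blocks.
func xor8(a, b []byte) []byte {
	out := make([]byte, 8)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// deriveKey computes K = DES(E, master, selector XOR iv). The selector is the list
// version for Kicv_rl or the media ID for Kicv_bpt, as one 8-byte block.
func deriveKey(master, selector, iv []byte) ([]byte, error) {
	c, err := des.NewCipher(master)
	if err != nil || len(selector) != 8 || len(iv) != 8 {
		return nil, errors.New("master key, selector and iv must each be 8 bytes")
	}
	k := make([]byte, 8)
	c.Encrypt(k, xor8(selector, iv))
	return k, nil
}

// icv is the Fig. 14 chain: I1 = IV^D0, E1 = DES(K, I1), I2 = E1^D1, ...; the last E is the ICV.
func icv(key, iv, data []byte) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil || len(iv) != 8 || len(data) == 0 || len(data)%8 != 0 {
		return nil, errors.New("need 8-byte key and iv, and a non-empty multiple of 8 data bytes")
	}
	e := append([]byte(nil), iv...)
	for off := 0; off < len(data); off += 8 {
		c.Encrypt(e, xor8(e, data[off:off+8]))
	}
	return e, nil
}

// RevocationListICV derives Kicv_rl from the version, then MACs the list body.
func RevocationListICV(version uint32, body []byte) ([]byte, error) {
	v := make([]byte, 8) // assumed encoding: version as a big-endian 8-byte block
	binary.BigEndian.PutUint32(v[4:], version)
	k, err := deriveKey(mkRL, v, ivKeyRL)
	if err != nil {
		return nil, err
	}
	return icv(k, ivRL, body)
}

// BPTICV derives Kicv_bpt from the media ID and MACs mediaID || BPT data, which
// ties the table to the one medium it was written for.
func BPTICV(mediaID, bpt []byte) ([]byte, error) {
	k, err := deriveKey(mkBPT, mediaID, ivKeyBPT)
	if err != nil {
		return nil, err
	}
	return icv(k, ivBPT, append(append([]byte(nil), mediaID...), bpt...))
}

// CheckRevocationList is the Fig. 15 comparison (ICV' = ICV?), done in constant time.
func CheckRevocationList(version uint32, body, stored []byte) bool {
	got, err := RevocationListICV(version, body)
	return err == nil && hmac.Equal(got, stored)
}

// CheckBPT is the same comparison for a BPT read from the medium with the given ID.
func CheckBPT(mediaID, bpt, stored []byte) bool {
	got, err := BPTICV(mediaID, bpt)
	return err == nil && hmac.Equal(got, stored)
}

func main() {
	body := []byte("revoked-id-0001.") // constructed 16-byte list body
	rlICV, _ := RevocationListICV(3, body)
	fmt.Println("list, stated version 3:", CheckRevocationList(3, body, rlICV))
	fmt.Println("list, version field edited to 4:", CheckRevocationList(4, body, rlICV))
	bpt := []byte{3, 3, 3, 3, 0, 0, 2, 1} // constructed per-block permission bytes
	bptICV, _ := BPTICV([]byte("MEDIA-0A"), bpt)
	fmt.Println("BPT on its own medium:", CheckBPT([]byte("MEDIA-0A"), bpt, bptICV))
	fmt.Println("BPT copied to another medium:", CheckBPT([]byte("MEDIA-0B"), bpt, bptICV))
}
```

Raw CBC-MAC of this kind is only sound when every message under one key has the same length, and single DES has a 56-bit key; a design written today would use CMAC or HMAC with a current cipher or hash.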

[Data read-out, write-in processing]

[0220] The following is a description of the processing in
the event of a device reading out data from media, and the
case of a device storing data in media, with the data
processing device according to the present invention.

(Processing at the time of device activation) 

[0221] First, processing in the event of activating the
device will be described with reference to Fig. 16. Fig. 16
shows the processing of the control unit 205 of the device
200 shown in Fig. 2 on the left side, and the processing of
the memory interface unit 300 on the right side. The state
of the status register of the memory interface unit 300 at
the point of starting the processing is: busy flag: 0
(ready), revocation list set flag: 0 (not set).

[0222] First, upon the device being activated, the control
unit transmits a file allocation table call-up command in
the internal memory to the memory interface unit (S101).
The memory interface unit transmits a file allocation table
read-out command to the internal memory of the device
(S102), receives the file allocation table from the
internal memory, and transmits this to the control unit
(S103).

[0223] Now, the file allocation table is a table which 
performs directory management of data stored in inter- 
nal memory accessible by the device and external mem- 
ory, for example, various types of data files such as var- 
ious types of contents, revocation lists, etc., and as 
shown in Fig. 17, has a configuration wherein directo- 
ries, file names, and stored sectors, are correlated. The 
device accesses various files, based on the file alloca- 
tion table. 

[0224] Upon receiving the file allocation table corre- 
sponding to the data stored in the internal memory 
(S104), the control unit executes read-out processing of 
the revocation list based on the table (S105), and trans- 
mits a revocation list set command and a revocation list 
to the memory interface (S106). The set processing of 
a revocation list is executed only in the event that the 
revocation list is valid, and upon the list being set, com- 
parison processing is executed with the contents or me- 
dia identifiers listed in the revocation list at the time of 
processing contents, such as reading contents out from 
the media, etc. These processes will be described later.
[0225] Upon receiving the revocation list set com- 
mand and the revocation list from the control unit 
(S107), the memory interface sets the busy flag of the 
status register to 1 (busy) (S108), and generates the
integrity check value (ICV) generating key Kicv_rl for
tampering checking of a revocation list (S109).
[0226] The integrity check value (ICV) generating key 
Kicv_rl for tampering checking of the revocation list is 
generated based on the master key MKicv_rl for gener- 
ating the ICV key for the revocation list stored within the 
device beforehand, the initial value IVicv_rl for when 
generating the ICV key of a revocation list, and the
revocation list version contained in the attributes
information of the revocation list. Specifically, this is
generated based on the integrity check value (ICV)
generating key Kicv_rl = DES (E, MKicv_rl, Version^IVicv_rl).
What this equation means is that encryption processing is
executed in the DES mode with the master key MKicv_rl, on
the exclusive-OR of the Version and the initial value
(IVicv_rl).

[0227] Next, the memory interface generates an ICV of the
revocation list using the generated integrity check value
(ICV) generating key Kicv_rl, and executes collation
processing (ICV' = ICV?) with the correct ICV stored in the
revocation list beforehand (S110). The generating
processing of the ICV is performed by processing applying
the integrity check value (ICV) generating key Kicv_rl,
using the initial value IVrl, based on the DES mode
described with the above Fig. 14.
[0228] In the event that ICV' = ICV holds (Yes in S111),
judgement is made that the revocation list is valid with no
tampering, and this is set to a referable state for
processing such as reading out contents and the like, and
the revocation list set flag is set to 1 (set) (S112). The
revocation list is stored in memory (e.g., the memory unit
321 (see Fig. 4)) within the memory interface, and upon the
transmission/reception control unit 306 receiving a media
recognition command from the control unit 205 (see Fig. 2),
collation is executed between the media identifier of the
revocation list that has been set, and the media identifier
of the media that has been mounted to the device, and upon
the transmission/reception control unit 306 receiving a
header set command accompanying read-out processing of
contents from the control unit 205, collation is executed
between the contents identifier in the revocation list that
has been set, and a contents identifier of the contents
which are the object of being read out.

[0229] In this way, the revocation list is set up in the
memory interface which directly accesses external memory
and the like, and following the set up, is of a
configuration which is continuously usable at the memory
interface for when mounting media and reproducing contents,
so processing for repeatedly reading out from the internal
memory when using contents becomes unnecessary, and
processing is efficiently executed.
[0230] Description of the flowchart in Fig. 16 will be
continued. In the event that ICV' ≠ ICV holds (No in S111),
judgement is made that the revocation list has been
tampered with, and processing of contents based on the list
reference processing is forbidden, and the processing ends.
Due to the above processing ending, the busy flag is set to
0.

[0231] On the other hand, the control unit side transmits a
status read-out command to the memory interface (S114), and
saves a revocation list set flag (S116) under the condition
that the busy flag is 0 (S115). In the event that judgement
is made that there has been no tampering with the list, the
revocation set flag to be saved is set to 1 which indicates
that the list has been set to valid, and otherwise is set
to 0.

(Processing at the time of recognizing media) 

[0232] Next, description will be made regarding processing
executed at the time of recognizing media, such as
confirmation of the validity of the media in the event that
media is mounted to the device. As described above, there
are two types of media, media 1 of the type wherein mutual
authentication processing is not executed with the device,
and media 2 of the type wherein mutual authentication
processing is executed with the device. Upon each type
being mounted to the device, the device executes processing
for confirming whether or not there is permission to
execute contents processing using the media, specifically,
whether there is no registration in the revocation list as
unauthorized media, sets the BPT (Block Permission Table)
which is an access permission table stored in the media
into the memory interface under the condition that the
mounted media is not listed in the revocation list and is
confirmed to be validly usable media, and executes
processing enabling memory access with reference to the
BPT.
[0233] First, the media confirmation processing in the 
event that the media 1 is mounted will be described with 
reference to Fig. 18 and Fig. 19. 
[0234] Fig. 18 and Fig. 19 also show the processing 
of the control unit 205 of the device 200 shown in Fig. 2 
on the left side, and the processing of the memory in- 
terface unit 300 on the right side. The state of the status 
register of the memory interface unit 300 at the point of 
starting the processing is: busy flag: 0 (ready), media 1
valid flag: 0 (invalid), and media 1 set flag: 0 (not set). 
[0235] First, the control unit recognizes whether the 
media mounted to the device is a media 1 (S201). Media
identification is performed based on mechanical information
based on a media form set beforehand or based on
communication information between the device and media.
Upon recognition that this is a media 1, the control unit
transmits a media 1 recognition command to the
memory interface (S202). 

[0236] Upon receiving the media 1 recognition com- 
mand from the control unit (S203), the memory interface 
unit sets the busy flag of the status register to 1 (busy) 
(S204), transmits a read-out command for the identifier
(ID) of the media 1 to the media 1 (S205), and receives the
ID (S206). Further, comparison collation is executed
between the received ID of the media 1 and the list
of revoked media 1 already set in the revocation list 
(S207). As described in the flowchart for activation with 
Fig. 16 above, the revocation list is set up in the memory 
interface at the time of activation, and following the set 
up, is continuously usable at the memory interface for 
when mounting media and reproducing contents. 
[0237] In the event that there is no ID in the list match- 
ing the received ID, judgment is made that the mounted 
media 1 is not media which is the object of revocation, 
but is a validly usable media (No in S208), so the media 
1 valid flag of the status register is set to 1 (valid) (S209),
and the busy flag is set to 0 (ready) (S210). In the event 
that there is an ID in the list matching the received ID 
(Yes in S208), judgment is made that the mounted me- 
dia 1 is media which is the object of revocation, and is 
not validly usable media, so validating processing of the 
valid flag in step S209 is not executed, but the busy flag 
is set to 0 (ready) in step S210, and the processing ends.
[0238] On the other hand, in step S211 the control unit
side transmits a status read-out command to the mem- 
ory interface, and following confirmation that the busy 
flag is 0 (ready) (S212), confirms the media flag state 
and continues processing only in the event that this is 
valid (flag: 1) (Yes in S213), and ends the processing in
the event that this is invalid (flag: 0) (No in S213). 
[0239] Next, the flow proceeds to Fig. 19. The control unit
transmits a file allocation table call-up command relating
to media 1 to the memory interface unit (S221), the memory
interface transmits to the media 1 a read-out command for
the sector where the file allocation table is stored
(S222), receives the file allocation table from the media
1, and transmits this to the control unit (S223).



[0240] Upon receiving the file allocation table
corresponding to the data stored in the media 1 (S224),
read-out processing of the block permission table (BPT) is
executed based on the table (S225), and a BPT set command
and the BPT are transmitted to the memory interface (S226).
The set processing of the BPT is executed only in the event
that the BPT is valid, and upon the BPT being set, judgment
is made regarding whether or not erasing in units of blocks
is possible with reference to the BPT at the time of
contents processing, such as processing for writing
contents from the media, and so forth. Data writing
processing actually referring to a BPT will be described
later.

[0241] Upon receiving the block permission table (BPT) set
command and the BPT from the control unit (S227), the
memory interface sets the busy flag of the status register
to 1 (busy) (S228), and generates the integrity check value
(ICV) generating key Kicv_bpt for tampering checking of the
BPT (S229).

[0242] The integrity check value (ICV) generating key
Kicv_bpt for tampering checking of the BPT is generated
based on the master key MKicv_bpt for generating the ICV
key for the BPT stored within the device beforehand, the
initial value IVicv_bpt for when generating the ICV of the
BPT, and the media ID. Specifically, this is generated
based on the integrity check value (ICV) generating key
Kicv_bpt = DES (E, MKicv_bpt, media1ID^IVicv_bpt). What
this equation means is that encryption processing is
executed in the DES mode with the master key MKicv_bpt, on
the exclusive-OR of the media 1 ID and the initial value
(IVicv_bpt).
[0243] Next, the memory interface generates an ICV of the
BPT using the generated integrity check value (ICV)
generating key Kicv_bpt, and executes collation processing
(ICV' = ICV?) with the correct ICV value stored in the BPT
beforehand (S230). The generating processing of the ICV is
performed by processing applying the generated integrity
check value (ICV) generating key Kicv_bpt, using the
initial value IVbpt, based on the DES mode described with
the above Fig. 14. Further, the ICV stored as accessory
information to the BPT is generated based on data
containing the identifier (ID) of the media. Accordingly,
the ICV check functions not only to verify whether or not
there has been tampering with the data of the BPT, but also
that the BPT is uniquely valid to the media, i.e., that
this is not a BPT copied to a separate media.

[0244] In the event that ICV' = ICV holds (Yes in S231),
judgement is made that the BPT is valid with no tampering
and is stored in valid media, and this is set to a
referable state for contents processing and the like, and
the media 1 set flag is set to 1 (set) (S232). In the event
that ICV' ≠ ICV holds (No in S231), judgement is made that
the BPT has been tampered with, processing of contents
based on BPT reference processing is forbidden, and the
processing ends. Due to the above processing ending, the
busy flag is set to 0 (S233).
[0245] On the other hand, the control unit side transmits a
status read-out command to the memory interface (S234), and
saves a media 1 set flag (S236) under the condition that
the busy flag is 0 (Yes in S235). In the event that
judgement is made that there has been no tampering with the
list, the media 1 set flag to be saved is set to 1 which
indicates that the list has been set to valid, and
otherwise is set to 0.

[0246] Next, media 2 confirmation processing performed at
the time that a media 2 is mounted to the device will be
described with reference to Fig. 20 and Fig. 21. As
described with reference to Fig. 2, the media 2 is a media
which executes mutual authentication with the device.

[0247] The steps in Fig. 20 from step S301 through 
S304 are the same as step S201 through S204 in the 
media 1 confirmation processing, so description thereof 
will be omitted. 

[0248] In step S305, the memory interface executes 
mutual authentication processing with the media 2. 
[0249] Fig. 22 illustrates a processing sequence for a 
mutual authentication method (ISO/IEC 9798-2) using 
a shared key encryption method. In Fig. 22, DES is used 
as this shared key encryption method, but other meth- 
ods may be used as well as long as they are a shared 
key encryption method. In Fig. 22, first, B generates a 
64-bit random number Rb, and transmits the Rb and its 
own ID which is ID(b) to A. A, upon receiving this, gen- 
erates a new 64-bit random number Ra, and encrypts 
data using a key Kab in the DES CBC mode, in the order 
of Ra, Rb, and ID(b), and returns this to B. Note that the 
key Kab is the secret key and authentication key shared 
by A and B. The encryption processing with the key Kab 
using the DES CBC mode takes the exclusive-OR of the 
initial value and Ra in the processing using DES for ex- 
ample, performs encryption at the DES encryption unit 
using the key Kab, generates ciphertext E1, then
subsequently takes the exclusive-OR of the ciphertext E1
and Rb, performs encryption at the DES encryption unit 
using the key Kab, generates ciphertext E2, and further 
takes the exclusive-OR of the ciphertext E2 and ID(b), 
performs encryption at the DES encryption unit using 
the key Kab, and generates ciphertext E3, thereby gen- 
erating transmission data (Token-AB). 
[0250] Upon receiving this, B decrypts the received 
data with the key Kab (authentication key) stored in each 
of the recording devices also as a shared secret key. As 
for the method for decrypting the received data, first, the 
ciphertext E1 is decrypted with the authentication key 
Kab, and obtains the exclusive-OR thereof with the ini- 
tial value, thereby obtaining the random number Ra. 
Next, the ciphertext E2 is decrypted with the
authentication key Kab, the exclusive-OR of the results
thereof and E1 is obtained, thereby obtaining Rb. Finally,
the ciphertext E3 is decrypted with the authentication key
Kab, the exclusive-OR of the results thereof and E2 is
obtained, thereby obtaining ID(b). Of the Ra, Rb, and ID(b)
thus obtained, verification is made regarding whether Rb
and ID(b) match that which B has transmitted. In the event
that this verification is passed, B authenticates A as
being valid.

[0251] Next, B generates a session key (Kses) to be used
following authentication, using a random number. Then,
encryption is performed in the DES CBC mode using the
authentication key Kab, in the order of Rb, Ra, and Kses,
and this is returned to A.
[0252] Upon receiving this, A decrypts the received data
with an authentication key Kake. The decryption method of
the received data is the same as the decryption processing
of B. Of the Rb, Ra, and Kses thus obtained, verification
is made regarding whether Rb and Ra match that which A has
transmitted. In the event that this verification is passed,
A authenticates B as being valid. Following mutually
authenticating the other, the session key Kses is used as a
shared key for secret communication following
authentication.
[0253] In the event that a malfeasance or mismatch is
discovered at the time of verifying the received data, the
mutual authentication is taken to have failed, and
subsequently mutual data communication processing is
forbidden.

[0254] Fig. 23 and Fig. 24 show a flowchart for mutual
authentication and key (session key) sharing processing
between the device according to the present invention and
the media. In Fig. 23 and Fig. 24, the left side is the
memory interface of the device, and the right side is the
processing at the controller of the media 2.
[0255] First, the media 2 controller generates a random
number Ra (S401), and transmits the media 2 ID which is its
own ID to the device memory interface (S402). Upon
receiving this (S403), the device memory interface performs
DES encryption processing by applying the authentication
key generating master key MKake which it owns to the
exclusive-OR of the received media 2 ID and an initial
value (IV_ake), thereby generating an authentication key
Kake (S404). Further, the device memory interface newly
generates a random number Rb (S405), takes the exclusive-OR
of an initial value IV_auth and Rb, encrypts this using the
key Kake, generates the ciphertext E1, subsequently takes
the exclusive-OR of E1 and Ra, encrypts this using the key
Kake to generate the ciphertext E2, further takes the
exclusive-OR of E2 and media 2 ID, encrypts this using the
key Kake to generate the ciphertext E3 (S406), and
transmits the generated data E1 || E2 || E3 to the media 2
controller (S407). Note that [||] denotes concatenation of
the data.

[0256] Upon receiving this (S408), the media 2 controller
decrypts the received data with the authentication key Kake
(S409). As for the decryption method of the received data,
first, the ciphertext E1 is decrypted with the
authentication key Kake, and the exclusive-OR thereof with
the initial value is obtained to obtain the random number
Rb'. Next, the ciphertext E2 is decrypted with the
authentication key Kake, and the exclusive-OR of the
results thereof and E1 is obtained to obtain Ra'. Finally,
the ciphertext E3 is decrypted with the authentication key
Kake, and the exclusive-OR of the results thereof and E2 is
obtained to obtain the media 2 ID'. Of the Ra', Rb', and
media 2 ID' thus obtained, verification is performed
whether Ra' and media 2 ID' match that which the media 2
has transmitted (S410 and S411). In the event that this
verification is passed, the media 2 authenticates the
device as being valid. In the event that Ra' and the media
2 ID' do not match the transmitted data, mutual
authentication is taken to have failed (S413), and
subsequent data communication is cancelled.

[0257] Next, the media 2 controller generates a ran- 
dom number to serve as a session key (Kses) to be used 
following authentication (S412). Next, in step S421 in
Fig. 24, encryption is performed in the DES CBC mode 
using the authentication key Kake, in the order of Ra, 
Rb, and Kses, and this is transmitted to the device mem- 
ory interface (S422). 

[0258] Upon receiving this (S423), the device memory 
interface decrypts the received data with the authenti- 
cation key Kake. Of the Ra", Rb", and Kses thus ob- 
tained, verification is made regarding whether Ra" and 
Rb" match that which the device has transmitted (S425
and S426). In the event of passing this verification, the 
device authenticates the media 2 as valid (S427). Fol- 
lowing mutually authenticating each other, the session 
key Kses is shared (S429), and is used as a shared key 
for secret communication following authentication. In 
the event that Ra" and Rb" do not match the transmitted 
data, the mutual authentication is taken to have failed 
(S428), and subsequent data communication is cancelled.
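
The exchange of Fig. 23 and Fig. 24 with both sides' messages, as an added Go example that is not code from the patent. It assumes Ra is sent together with the media 2 ID (the later check of Ra' implies this), that Kake is already held by both sides (the device after S404, the medium from manufacture), and that the key, IV and ID are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"errors"
	"fmt"
)

// cbc runs DES-CBC over one three-block token; no padding is involved.
func cbc(key, iv, in []byte, enc bool) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil || len(iv) != 8 || len(in) != 24 {
		return nil, errors.New("need an 8-byte key and iv and a 24-byte token")
	}
	out := make([]byte, 24)
	if enc {
		cipher.NewCBCEncrypter(c, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(c, iv).CryptBlocks(out, in)
	}
	return out, nil
}

// random8 returns one fresh 64-bit value for Ra, Rb or Kses.
func random8() []byte {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Media is the media 2 controller and Device the memory interface of the device.
// Both hold Kake for this medium (assumption, see the lead-in).
type Media struct{ ID, Kake, IVAuth, ra, Kses []byte }
type Device struct{ Kake, IVAuth, ra, rb, Kses []byte }

// Hello (S401-S402): the medium picks Ra and sends it with its ID.
func (m *Media) Hello() (id, ra []byte) {
	m.ra = random8()
	return m.ID, m.ra
}

// Challenge (S405-S407): pick Rb, return E1||E2||E3 = CBC(Kake, IV_auth, Rb||Ra||ID).
func (d *Device) Challenge(id, ra []byte) ([]byte, error) {
	if len(id) != 8 || len(ra) != 8 {
		return nil, errors.New("media ID and Ra must be 8 bytes")
	}
	d.ra, d.rb = append([]byte(nil), ra...), random8()
	return cbc(d.Kake, d.IVAuth, bytes.Join([][]byte{d.rb, ra, id}, nil), true)
}

// Respond (S409-S422): check Ra' and ID', then send CBC(Kake, IV_auth, Ra||Rb||Kses).
func (m *Media) Respond(token []byte) ([]byte, error) {
	p, err := cbc(m.Kake, m.IVAuth, token, false)
	if err != nil || !hmac.Equal(p[8:16], m.ra) || !hmac.Equal(p[16:], m.ID) {
		return nil, errors.New("device authentication failed") // S413
	}
	m.Kses = random8()
	return cbc(m.Kake, m.IVAuth, bytes.Join([][]byte{m.ra, p[:8], m.Kses}, nil), true)
}

// Finish (S423-S429): check Ra'' and Rb'', then accept Kses as the shared key.
func (d *Device) Finish(token []byte) error {
	p, err := cbc(d.Kake, d.IVAuth, token, false)
	if err != nil || !hmac.Equal(p[:8], d.ra) || !hmac.Equal(p[8:16], d.rb) {
		return errors.New("media authentication failed") // S428
	}
	d.Kses = p[16:]
	return nil
}

func main() { // constructed sample key, IV and media ID
	key, iv := []byte("Kake-001"), make([]byte, 8)
	d := &Device{Kake: key, IVAuth: iv}
	m := &Media{ID: []byte("MEDIA2-A"), Kake: key, IVAuth: iv}
	t1, _ := d.Challenge(m.Hello()) // a failure here surfaces in Finish below
	t2, _ := m.Respond(t1)
	fmt.Println(d.Finish(t2), bytes.Equal(d.Kses, m.Kses))
}
```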

[0259] Returning to Fig. 20, description of the media
2 recognition processing will be continued. The above- 
described mutual authentication and key sharing 
processing is executed in step S305, and upon confir- 
mation in step S306 that the mutual authentication has 
succeeded, comparison collation is executed between 
the ID of the media 2 received during the mutual authen- 
tication processing and the list of revoked media 2 in the 
revocation list already set (S307). 
[0260] In the event that there is no ID in the list match- 
ing the received ID, judgment is made that the mounted 
media 2 is not media which is the object of revocation, 
but is a validly usable media (No in S308), so the media 
2 valid flag of the status register is set to 1 (valid) (S309), 
and the busy flag is set to 0 (ready) (S310). In the event 
that there is an ID in the revocation list matching the 
received ID (Yes in S308), judgment is made that the 
mounted media 2 is media which is the object of revo- 
cation, and is not validly usable media, so validating 
processing of the valid flag in step S309 is not executed, 
but the busy flag is set to 0 (ready) in step S310, and 
the processing ends. 

[0261] On the other hand, in step S311 the control unit 
transmits a status read-out command to the memory in- 
terface, and following confirmation that the busy flag is 
0 (ready) (S312), confirms the media flag state and
continues processing only in the event that this is valid
(flag: 1) (Yes in S313), and ends the processing in the
event that this is invalid (flag: 0) (No in S313).
[0262] Next, the flow proceeds to Fig. 21. The control unit
transmits a file allocation table call-up command relating
to the media 2 to the memory interface (S321), the memory
interface transmits to the media 2 a read-out command for
the sector where the file allocation table is stored
(S322), receives the file allocation table from the media
2, and transmits this to the control unit (S323).
[0263] Upon receiving the file allocation table
corresponding to the data stored in the media 2 (S324), the
control unit executes read-out processing of the block
permission table (BPT) based on the table (S325), and
transmits a BPT set command and the BPT to the memory
interface (S326). The set processing of the BPT is executed
only in the event that the BPT is valid, and upon the BPT
being set, judgment is made regarding whether or not
erasing in units of blocks is possible with reference to
the BPT at the time of contents processing, such as
processing for writing contents from the media, and so
forth. Data writing processing actually referring to a BPT
will be described later.
[0264] Upon receiving the block permission table (BPT) set
command and the BPT from the control unit (S327), the
memory interface sets the busy flag of the status register
to 1 (busy) (S328), and generates the integrity check value
(ICV) generating key Kicv_bpt for tampering checking of the
BPT (S329).

[0265] The integrity check value (ICV) generating key
Kicv_bpt for tampering checking of the BPT is generated
based on the master key MKicv_bpt for generating the ICV
key for the BPT stored within the device beforehand, the
initial value IVicv_bpt for when generating the ICV of the
BPT, and the media 2 ID. Specifically, this is generated
based on the integrity check value (ICV) generating key
Kicv_bpt = DES (E, MKicv_bpt, media2ID^IVicv_bpt). What
this equation means is that encryption processing is
executed in the DES mode with the master key MKicv_bpt, on
the exclusive-OR of the media 2 ID and the initial value
(IVicv_bpt).
[0266] Next, the memory interface generates an ICV of the
BPT using the generated integrity check value (ICV)
generating key Kicv_bpt, and executes collation processing
(ICV' = ICV?) with the correct ICV value stored in the BPT
beforehand (S330). The generating processing of the ICV is
performed by processing applying the generated integrity
check value (ICV) generating key Kicv_bpt, using the
initial value IVbpt, based on the DES mode described with
the above Fig. 14. Further, the ICV stored as accessory
information to the BPT is generated based on data
containing the media 2 ID, and accordingly, the ICV check
functions not only to verify whether or not there has been
tampering with the data of the BPT, but also that the BPT
is uniquely valid to the media, i.e., that this is not a
BPT copied to a separate media.

[0267] In the event that ICV' = ICV holds (Yes in S331), judgement is made that the BPT is valid with no tampering and is stored in valid media, and this is set to a referable state for contents processing, and the media 2 set flag is set to 1 (set) (S332). In the event that ICV' ≠ ICV holds (No in S331), judgement is made that the BPT has been tampered with, processing of contents based on BPT reference processing is forbidden, and the processing ends. Due to the above processing ending, the busy flag is set to 0 (S333).

[0268] On the other hand, the control unit side transmits a status read-out command to the memory interface (S334), and saves a media 2 set flag (S336) under the condition that the busy flag is 0 (Yes in S335). In the event that judgement is made that there has been no tampering with the BPT, the media 2 set flag to be saved is set to 1 which indicates that the list has been set to valid, and otherwise is set to 0.

(Data file read-out processing) 

[0269] Next, the processing for reading out data files will be described with reference to the flowchart in Fig. 25. Data files include music data, image data, and other such contents data files, and also the above-described revocation list. The flowchart shown in Fig. 25 is the processing flow common to reading out data files stored in any of the internal memory or external memory (media 1 and media 2). In Fig. 25, the left side is the control unit of the device, and the right side is the processing at the memory interface of the device.

[0270] First, the control unit obtains sector addresses (S(1) through S(k)) of data to be read out (S501) from the file allocation table (see Fig. 17), and sequentially transmits obtained sector S(i) read-out commands to the memory interface (S502, S503). Upon receiving the sector S(i) read-out commands (S504), the memory interface sets the busy flag to 1 (busy) (S505), judges whether the received sector S(i) is internal memory or external memory (S506), and in the event that this is external memory, judges whether the set flag of the media 1 or media 2 is 1 (indicating that the media is set to valid) (S507), and in the event that the set flag is 1, further makes reference to the block permission table (BPT), and judges whether or not the BPT has this sector S(i) which is the object of reading out set as a block regarding which reading out is permitted (S508). In the event that there is the read-out permission block setting in the BPT, the data at this sector is read out from the external memory (S509).

[0271] Now, in the event that the data to be read out is data in the internal memory which is not managed by the BPT, the steps S507 and S508 are skipped. In the event that the judgment made in steps S507 and S508 is No, i.e., in the event that the set flag of the media storing this sector S(i) is not 1, or in the event that a read-out permission is not set in the BPT for the sector S(i), the flow proceeds to step S513, and the read-out success flag is set to 0, as a read-out error.



[0272] In the event that judgement is made in the judgment blocks in steps S506 through S508 that reading out of the object sector S(i) is executable, this sector is read out from the memory, error correction processing based on the error correction code in a redundant portion set corresponding to the sector is executed (S510), confirmation is made that the error correction has succeeded (S511), the read-out success flag is set to 1 (successful), the read-out results are stored in the buffer (S512), and the busy flag is set to 0 (ready) (S513). In the event that error correction has failed, the read-out success flag is set to 0 (fail) (S513), and the processing ends.

[0273] Also, in steps S515 through S520, the control unit reads out the status of the memory interface, and in the state that the busy flag is 0, the read-out data is extracted from the buffer and saved under the condition that the read-out success flag is 1, the addresses are sequentially incremented, thereby repeatedly executing the processing for sequentially extracting the data from the buffer and saving it, and following saving all the sectors which are the object of reading out, the file is configured of all sectors that have been read out, and the processing ends.

(File write-in processing) 

[0274] Next, the processing for writing in data files will be described with reference to the flowchart in Fig. 26. The flowchart shown in Fig. 26 is the processing flow common to writing data files to any of the internal memory or external memory (media 1 and media 2). In Fig. 26, the left side is the control unit of the device, and the right side, the memory interface of the device.

[0275] First, the control unit divides the file which is the object of writing into sectors. Let us say that the divided data is D(1) through D(k). The control unit next sets the writing sector S(i) for each data D(i), and sequentially transmits sector S(i) write-in commands and data D(i) to the memory interface (S602 through S604). Upon receiving the sector S(i) write-in commands (S605), the memory interface sets the busy flag to 1 (busy) (S606), judges whether the receiving sector S(i) is internal memory or external memory (S607), and in the event that this is external memory, judges whether or not the set flag of the media 1 or media 2 is one (indicating that the media is set to valid) (S608), and in the event that the set flag is 1, further makes reference to the block permission table (BPT), and judges whether or not the BPT has set the sector S(i) which is the object of writing as a write-in permitted block (S609). In the event that there are settings as the write-in permitted block in the BPT, a correcting code to be set corresponding to the sector is generated (S610), a redundant portion having error correcting code is written into the sector S(i) and data D(i), the write-in success flag is set to 1 (success), and the busy flag is set to 0 (ready) (S614).

[0276] Now, in the event that the data to be written in is write-in processing to the internal memory which is not managed by the BPT, the steps S608 and S609 are skipped. In the event that the judgment made in steps S608 and S609 is No, i.e., in the event that the set flag of the media is not 1, or in the event that a write-in permission is not set in the BPT for the sector S(i), the flow proceeds to step S613, and the write-in success flag is set to 0, as a read-out error.

[0277] Also, in steps S616 through S620, the status of the memory interface is read out, and in the state that the busy flag is 0, the addresses are sequentially incremented and the write-in data is sequentially transmitted to the memory interface under the condition that the write-in success flag is 1. Following ending of all processing, updating processing of the file allocation table is executed (S621), the updated file allocation table is transmitted to the memory interface along with an updating command (S622), and the memory interface executes the processing of writing in the file allocation table according to the command (S623).

[Encryption processing applying encryption keys corresponding to sector position]

[0278] Next, description will be made regarding encryption processing applying encryption keys that correspond to sector positions. There are cases wherein encryption is performed on contents portions for protecting copyrights and the like, but in the event that the entirety of the contents portion is encrypted with a single encryption key, this means that great amounts of ciphertext are generated under a single key, increasing the danger of being vulnerable to attack. It can be said that normally, the contents portion is preferably divided as much as possible, with each being encrypted with different keys. Sectors can be given as the minimum unit for encrypting contents with the present system, but in the case that saving the keys in the header area is the object, key information of eight bytes (in the case of DES) or 16 bytes (in the case of triple-DES) is necessary for each sector, so the header size becomes massive which reduces the data area in the limited memory area, which is undesirable in practice. Also, employing a method wherein a key for encrypting a sector is stored in the data portion of that sector does not affect the header size, but the data size is cut back since no data can be placed in the key area, and further, in the case of the system wherein the control unit side has a file system, the file system itself needs to be greatly changed.

[0279] Thus, according to the present invention, M pieces of key information corresponding to the M number of sectors per block of media are stored in a security header (see Fig. 7) which is the above-described attributes information of the contents, and these are applied as encryption keys for each of the sectors (see Fig. 8). Kc_Encrypted0 through Kc_Encrypted31 within the security header shown in Fig. 7 indicate the 32 encryption keys Kc. Note that [Encrypted] indicates that each key Kc is encrypted and stored. The configuration is such that keys are selected, according to the position of the sector in the block, from these multiple keys, and used as encryption keys corresponding to the sectors.

[0280] Fig. 27 shows a diagram illustrating the key storage configuration in a security header generated corresponding to contents as header information of the contents, and the correlation between the stored keys and the sectors within the memory which are the object of application of the keys. Fig. 27(a) is a diagram illustrating the key storage configuration within the security header described earlier with reference to Fig. 7, in a simplified manner. An M number of keys (content keys) from Kc(0) through Kc(M-1) are stored in the security header shown in Fig. 27(a). In addition to the keys, various types of information such as version, contents type, and so forth are stored in the header, and further, the ICV for tampering checking of the header information is also stored.

[0281] The M number of contents keys are each correlated with each of the sectors and are used for encryption of data to be stored in the sectors, as shown in Fig. 27(b), for example. As described earlier with reference to Fig. 3, flash memory which performs erasing in increments of blocks has the data storing area thereof divided into block increments as shown in Fig. 27(b), with each block being further divided into multiple sectors. For example, the key Kc(0) is applied as the encryption key for data to be stored in sector 0 of the blocks in the memory, and the key Kc(s) is applied as the encryption key for data to be stored in sector s of the blocks in the memory. Further, the key Kc(M-1) is applied as the encryption key for data to be stored in sector M-1 of the blocks in the memory.

[0282] Thus, the security of the stored data (e.g., contents) is heightened by storing the data by applying different encryption keys corresponding to sectors. That is, while in the event that the entire contents are encrypted with a single key, the entire contents can be decrypted by a key leak, with the present configuration, it is impossible to decrypt the entire data from a single key leak.

[0283] Single DES which executes DES encryption processing with a single encryption key, for example, is used for the encryption algorithm. Also, an encryption configuration which applies triple DES using two or more keys for encryption may be applied instead of single DES.

[0284] Fig. 28 shows a detailed configuration example of Triple DES. As shown in Fig. 28(a) and (b), there are the following two different forms as representative configurations of Triple DES. Fig. 28(a) shows an example using 2 encryption keys, with processing being performed in the order of encryption processing by key 1, decryption processing by key 2, and further encryption processing by key 1. Two types of keys are used, in the order of K1, K2, and K1. Fig. 28(b) illustrates an example of using three encryption keys, with processing being performed in the order of encryption processing by key 1, encryption processing by key 2, and further encryption processing by key 3, where an encryption processing is performed each of the three times. Three types of keys are used, in the order of K1, K2, and K3. The strength of security can be improved over that of single DES, by the configuration wherein multiple processes are continued.

[0285] Fig. 29 illustrates the configuration example wherein encryption processing by Triple DES has been performed, applying a pair of two different encryption keys to each sector of the data to be stored in the memory. As shown in Fig. 29, triple DES encryption is performed on sector 0 of each block using the two keys of key Kc(0) and Kc(1), triple DES encryption is performed on sector s of each block using the two keys of key Kc(s) and Kc(s+1), and triple DES encryption is performed on sector M-1 of each block using the two keys of key Kc(M-1) and Kc(0). The number of keys to be stored in the header is M with this case as well, so security can be heightened without the need to increase the number of keys stored shown in Fig. 27(a).

[0286] Further, a data encryption configuration example according to a different form is shown in Fig. 30. Fig. 30 is a form wherein triple DES encryption has been performed using 2 keys, with two consecutive sector areas in each block of the memory as one encryption block. As shown in Fig. 30, Triple DES encryption is performed for sector 0 and sector 1 of each block using the two keys of key Kc(0) and Kc(1), Triple DES encryption is performed for sector 2s and sector 2s+1 of each block using the two keys Kc(2s) and Kc(2s+1), and Triple DES encryption is performed for sector M-2 and sector M-1 of each block using the two keys Kc(M-2) and Kc(M-1). Thus, the processing load for the encryption process or decryption process can be lightened by applying the same encryption processing to multiple sectors.

[0287] In addition to the examples shown in Fig. 27, Fig. 29, and Fig. 30, various configurations can be made as configurations for executing encryption for each sector using keys selected from multiple keys stored in the header. For example, in Figs. 27, 29, and 30, the configuration has the same number of keys as the number of sectors stored in the header, but in the event that the number of sectors is M, for example, a configuration may be used wherein the number of stored keys is N (wherein N < M), so that the sector 0 and sector s are encrypted with the same key, and so forth. Or, a configuration may be made wherein the number of stored keys is L (wherein L > M), so as to apply a triple DES with entirely different multiple key sets for each sector.
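
The sector-to-key layouts of Figs. 27, 29 and 30 and the N < M variant can be compared by asking which sector positions become decryptable when particular content keys leak. The following is an added example, not code from the specification; the function names are hypothetical and the "s mod N" mapping for the N < M case is an assumption, since the text only says that some sectors share a key.

```python
"""Added example: sector positions exposed by leaked content keys under the
key layouts of Figs. 27, 29, 30 and the N < M variant."""

M = 32  # sectors per block, and keys Kc(0)..Kc(31) in the security header


def keys_whole_content(s, m=M):
    """Baseline the text argues against: one key (index 0) for everything."""
    return (0,)


def keys_fig27(s, m=M):
    """Single DES: sector s is encrypted with Kc(s) alone."""
    return (s % m,)


def keys_fig29(s, m=M):
    """Two-key triple DES per sector with Kc(s) and Kc(s+1); the last
    sector wraps to Kc(0), so the header still stores only M keys."""
    return (s % m, (s + 1) % m)


def keys_fig30(s, m=M):
    """Two consecutive sectors form one encryption block and share the
    pair Kc(2t), Kc(2t+1). Assumes an even number of sectors."""
    base = (s % m) & ~1
    return (base, base + 1)


def keys_reduced(n):
    """N < M stored keys. ASSUMPTION: sector s uses Kc(s mod N); the text
    does not fix the mapping."""
    def select(s, m=M):
        return ((s % m) % n,)
    return select


def exposed_sectors(select, leaked, m=M):
    """Sector positions (in every block) whose required keys all leaked."""
    leaked = set(leaked)
    return [s for s in range(m) if set(select(s, m)) <= leaked]


def exposure_table(leaked, m=M):
    """Exposure per layout for one set of leaked key indices."""
    layouts = {
        "whole-content key": keys_whole_content,
        "Fig. 27": keys_fig27,
        "Fig. 29": keys_fig29,
        "Fig. 30": keys_fig30,
        "N=8 (assumed mapping)": keys_reduced(8),
    }
    return {name: exposed_sectors(sel, leaked, m) for name, sel in layouts.items()}


if __name__ == "__main__":
    for leaked in ({0}, {5}, {5, 6}, {4, 5}):
        print("leaked Kc indices:", sorted(leaked))
        for name, sectors in exposure_table(leaked).items():
            print(f"  {name:22s} exposes {len(sectors):2d}/{M} positions {sectors}")
```

Under the overlapping pairs of Fig. 29 a single leaked key exposes no sector, while sharing keys across sectors (N < M) widens what one leak exposes.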

[Configuration for adding integrity check value (ICV) in increments of sectors]

[0288] Next, the configuration whereby the integrity check value (ICV) is added in increments of sectors will be described. In the event of confirming the validity of data configured over multiple sectors, generally, a configuration wherein the above-described integrity check value (ICV) is added to the end or the like of the entire contents data, has been common. With such an ICV adding configuration for the entire data, the validity cannot be confirmed in increments of sectors making up the data.

[0289] Also, in the event of storing the ICV, placing the ICV in the same area as the storage area of the contents which are the actual data reduces the area usable as a data portion by that much. If an ICV for each sector were to be put in the data in each sector, this would necessitate processing for separating and extracting the actually-used data from the ICVs, i.e., processing for removing the ICV within the sector of the data portion that has been read out, and processing for linking multiple sectors of data within the extracted sector, for the file system of the device to execute processing wherein data is read out in increments of data portions, necessitating the file system to be newly constructed to execute this processing. Further, performing the ICV checks at the control unit places that much load of processing on the control unit.

[0290] With the data processing device according to the present invention, ICVs are set in each sector in order to enable data tampering checks for each sector, and the ICVs are set not in the actual data area, but are positioned in a redundant portion area set beforehand as an area which is not read by the file system of the device. With the configuration wherein the ICV is placed in the redundant portion, there is no need to place the ICV within the data, so more area of the data portion can be used. Also, placing ICVs in the redundant portion does away with the need to separate the data portion and the ICV, and the processing for linking the data, so continuity of the data read-out is maintained.

[0291] At the time of reading the data, an ICV check process is executed for each sector at the memory interface unit 300 (see Fig. 2), and in the event that judgement is made that there is tampering, and the data is invalid, transfer to the control unit 205 (see Fig. 2) is not executed. Also, at the time of writing data, the ICV is calculated for each sector at the memory interface unit 300, and processing for writing this into the redundant portion is executed.

[0292] Also, whether or not to add an ICV to each sector is specified by describing in the security header. With regard to this configuration, as indicated in the description of the security header configuration in Fig. 7, the ICV flag within the security header has as many flags as the number of sectors in the block (32 sectors), indicating ICV addition/non-addition for each sector within the block. For example, 0: no ICV, 1: ICV added, is set.

[0293] Fig. 31 illustrates the data usage portion and redundant portion configuration. As shown in Fig. 31(a), the data stored in the memory (flash memory) is divided into block increment areas having multiple sector areas, and is stored. As shown in (b), each sector is configured of 512 or 1024 bytes, for example, the data usage portion which is read by the file system of the device as actual data (e.g., contents), and the redundant portion storing information such as ECC (Error Correction Code) which is not read by the file system.

[0294] The capacity of this redundant portion is an area predetermined as 16 bytes or 20 bytes, for example, with the file system of the device recognizing this redundant portion as a non-data area, and not reading it in the data (contents) reading processing. Generally, ECC stored in a redundant portion does not use the entirety of the redundant portion, and a non-usage area (reserved area) exists within the redundant portion. The integrity check values (ICV) of the sectors are stored in this reserved area.

[0295] As shown in Fig. 31(c), the linking processing of the data portions by the file system of the device in the event that the ICVs are stored in the redundant portion can be made the same as the conventional data linking processing wherein data portions storing only that which is purely used as data are simply linked. Accordingly, all that the file system of the device has to do is to simply link the data portion areas excluding the redundant portion, so no new processing whatsoever is necessary.

[0296] According to the present configuration, the validity of data can be verified in increments of sectors of the data which is made up of multiple sectors. Also, placing the ICVs for tampering checking into the redundant portion allows the data area which can be used for data, to be used as it is. Also, only sectors that have been judged to be proper (not tampered with) as a result of ICV checking are transmitted to the control unit. Also, the ICV checking is performed at the memory interface unit, so advantages are had such as there being no load on the control unit.
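
The per-sector ICV arrangement described above can be modelled as a memory interface that writes the ICV into the reserved part of the redundant portion and refuses to hand a sector to the control unit when the check fails. This is an added example, not code from the specification. Its assumptions: truncated HMAC-SHA-256 stands in for the DES-based ICV of Fig. 14, CRC-32 stands in for the ECC (it detects but does not correct errors), and the offsets inside the 16-byte redundant portion and the bit order of the ICV flag are chosen for illustration.

```python
"""Added example: per-sector ICV kept in the redundant portion (Fig. 31)."""
import hashlib
import hmac
import zlib

DATA_LEN = 512        # data usage portion read by the file system
REDUNDANT_LEN = 16    # redundant portion, not read by the file system
ECC_OFF = 0           # ASSUMED layout: 4-byte ECC stand-in at offset 0
ICV_OFF, ICV_LEN = 8, 8   # ASSUMED layout: 8-byte ICV in the reserved area


def _ecc(data):
    # Stand-in for the error correction code: CRC-32, detection only.
    return zlib.crc32(data).to_bytes(4, "big")


def _icv(kicv_cont, data):
    # Stand-in for the DES-based ICV generated with Kicv_cont.
    return hmac.new(kicv_cont, data, hashlib.sha256).digest()[:ICV_LEN]


def icv_enabled(icv_flags, s):
    """ICV flag from the security header: bit s = 1 means 'ICV added'."""
    return (icv_flags >> s) & 1 == 1


def write_sector(data, s, icv_flags, kicv_cont):
    """Memory interface write path: data portion plus redundant portion."""
    if len(data) != DATA_LEN:
        raise ValueError("data portion must be exactly DATA_LEN bytes")
    red = bytearray(REDUNDANT_LEN)
    red[ECC_OFF:ECC_OFF + 4] = _ecc(data)
    if icv_enabled(icv_flags, s):
        red[ICV_OFF:ICV_OFF + ICV_LEN] = _icv(kicv_cont, data)
    return bytes(data) + bytes(red)


def read_sector(raw, s, icv_flags, kicv_cont):
    """Memory interface read path: returns the data portion, or None when
    the ECC or ICV check fails, so nothing reaches the control unit."""
    data, red = raw[:DATA_LEN], raw[DATA_LEN:]
    if red[ECC_OFF:ECC_OFF + 4] != _ecc(data):
        return None
    if icv_enabled(icv_flags, s):
        stored = red[ICV_OFF:ICV_OFF + ICV_LEN]
        if not hmac.compare_digest(stored, _icv(kicv_cont, data)):
            return None
    return data


def store_file(payload, icv_flags, kicv_cont):
    """Split a payload (a multiple of DATA_LEN) into stored sectors."""
    if len(payload) % DATA_LEN:
        raise ValueError("payload must be a multiple of DATA_LEN")
    return [write_sector(payload[i:i + DATA_LEN], i // DATA_LEN, icv_flags, kicv_cont)
            for i in range(0, len(payload), DATA_LEN)]


def read_file(raw_sectors, icv_flags, kicv_cont):
    """Control unit view: link the data portions exactly as without ICVs.
    Returns (file_bytes, None) or (None, index_of_refused_sector)."""
    parts = []
    for s, raw in enumerate(raw_sectors):
        data = read_sector(raw, s, icv_flags, kicv_cont)
        if data is None:
            return None, s
        parts.append(data)
    return b"".join(parts), None


def forge_sector(raw):
    """Test helper: alter the data and recompute the keyless ECC stand-in,
    leaving the stored ICV untouched."""
    data = bytearray(raw[:DATA_LEN])
    data[0] ^= 0xFF
    red = bytearray(raw[DATA_LEN:])
    red[ECC_OFF:ECC_OFF + 4] = _ecc(bytes(data))
    return bytes(data) + bytes(red)
```

A sector whose ICV flag is 0 passes the read path after the same modification, which is why the flag itself sits in the ICV-protected security header.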

[Contents key storing processing by individual keys within media]

[0297] Next, the configuration for processing for saving contents keys by individual keys within the media will be described. As described with reference to Fig. 7, multiple contents keys (Kc_Encryptedxx) serving as encryption keys corresponding to sectors, and a contents check value generating key (Kicv_Encrypted), are encrypted and stored in the security header configured corresponding to the contents.

[0298] One of the forms of encryption of these keys is a configuration wherein these are encrypted by a distribution key Kdist which is stored in the memory unit 321 (see Fig. 4) of the memory interface of the device beforehand, and stored. For example, Kc_Encrypted0 = Enc(Kdist, Kc(0)). Here, Enc(a, b) indicates that the data is b encrypted by a. In this way, a configuration wherein the keys are encrypted using the distribution key Kdist of the device and stored in the security header, is one configuration.

[0299] Further, with media 2, i.e., media which has an encryption processing unit and executes contents processing by executing mutual authentication with the device, there is a form wherein a contents key relating to content stored in the media 2, and ICV generating key, are encrypted using a unique key of the media 2. The following is a description of processing for storing the contents key and contents ICV generating key encrypted using a unique key of the media 2, in this case the media 2 storing key Ksto.

[0300] The media 2 storing key Ksto is stored in the internal memory 235 of the media 2 controller 231 of the media 2 230, as shown in Fig. 2. Accordingly, the encryption processing and decryption processing of the contents key and ICV generating key using the media 2 storing key Ksto is executed at the media 2 side. At the time of the device mounted with the media 2 using contents in the media 2, in the event that obtaining of the contents key and ICV generating key, or storing processing to the security header, is to be executed, there is the need to execute encryption and decryption processing of the keys at the media 2 side. With the data processing device according to the present invention, processing these with a CBC (Cipher Block Chaining) mode has been enabled.

[0301] Fig. 32 illustrates the encryption processing configuration of the keys in the CBC mode. This encryption processing is executed in the encryption processing unit 236 (see Fig. 2) of the media 2. The exclusive-OR of the initial value IV_keys stored in the internal memory 235 and the contents check value generating key Kicv_cont is executed, the results thereof are subjected to DES encryption applying the stored key Ksto stored in the internal memory 235 of the media 2, and the results are stored in the header as Kicv_cont Encrypted. Further, the exclusive-OR of Kicv_cont Encrypted and the sector-corresponding contents key Kc(0) corresponding to the sector (0) is executed, the results thereof are subjected to DES encryption applying the stored key Ksto stored in the internal memory 235 of the media 2, and the results are stored in the header as Kc(0) Encrypted, as one encrypted contents key. Further, the exclusive-OR of Kc(0) Encrypted and the sector-corresponding contents key Kc(1) corresponding to the sector (1) is executed, the results thereof are subjected to DES encryption applying the stored key Ksto, and the results are taken as Kc(1) Encrypted. Subsequently, this processing is repeatedly executed, thereby obtaining key data for header storage.

[0302] Next, the key decryption processing configuration in the CBC mode is shown in Fig. 33. This decryption processing is executed in the encryption processing unit 236 (see Fig. 2) of the media 2. First, DES decryption processing applying the stored key Ksto stored in the internal memory 235 of the media 2 is performed on Kc(0) Encrypted, and the exclusive-OR of the results thereof with the initial value IV_keys stored in the internal memory 235 outputs the sector-corresponding contents key Kc(0) corresponding to the sector (0). Further, DES decryption processing applying the stored key Ksto is performed on Kc(1) Encrypted, and the exclusive-OR of the results thereof with the contents key Kc(0) Encrypted outputs the sector-corresponding contents key Kc(1) corresponding to the sector (1). These processes are subsequently repeated, thereby obtaining the contents key. Now, while the drawing shows an example of only the contents key being the output data, the same processing can be applied for the contents integrity check value generating key (Kicv_Encrypted), and a contents integrity check value generating key (Kicv) can be generated from the encrypted contents integrity check value generating key (Kicv_Encrypted).

[0303] In many cases, encryption and decryption processing of the above-described sector-corresponding contents key Kc(xx) or the contents integrity check value generating key (Kicv) is executed based on commands from the device mounting the media 2. In this case, the above-described mutual authentication is executed between the device and media 2, with various processing such as reproducing, storing, etc., of contents being executed under the condition that the mutual authentication processing has been established, and the above-described contents key encrypting and decrypting processing is executed as one of the series of contents processing. In the event of transferring a decrypted key (e.g., contents key Kc(xx)) between the device and media 2, this is encrypted with a session key Kses generated at the time of performing mutual authentication. The security of the encryption and decryption processing using this session key Kses can also be heightened by applying the CBC mode.
[0304] Fig. 34 illustrates the processing configuration for decrypting the key stored in the security header in the DES-CBC mode, and further encrypting the decrypted key data in the DES-CBC mode applying the session key Kses, in the media 2. The upper part of Fig. 34 is the same configuration as that of Fig. 33, wherein the encrypted contents keys extracted from the security header are sequentially input to the DES decrypting unit where decrypting processing is performed applying the stored key Ksto of the media 2, the exclusive-OR is taken between the output results and an initial value or the previous data in the input data string, thereby obtaining a contents key as output results.

[0305] Encryption processing is further executed with regard to the output results, in the DES-CBC mode applying the session key Kses generated at the time of mutual authentication with the device. The SE0 through SEM-1: Kc(0) Encrypted through Kc(M-1) Encrypted thus obtained are transmitted to the device. At the device side, decryption processing in the DES-CBC mode in the same manner as with Fig. 33, applying the session key Kses generated at the time of mutual authentication with the media 2, is executed with regard to the received Kc(0) Encrypted through Kc(M-1) Encrypted, thereby enabling the contents key K(c) to be obtained. Now, while the figure illustrates an example wherein only the contents key is the processed data, the contents integrity check value generating key (Kicv_Encrypted) can be taken as processed data in the same way.
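
The CBC chaining of the header keys (Fig. 32), their decryption on the media 2 (Fig. 33) and the re-encryption under the session key Kses for transfer to the device (Fig. 34) can be followed end to end in the added example below, which is not code from the specification. Its assumptions: a small Feistel network built on SHA-256 stands in for DES (only the 8-byte block size is kept), the chain order is Kicv_cont first and then Kc(0) onward as in the Fig. 32 description, the session-side initial value IV_SES is hypothetical, and all key values are constructed.

```python
"""Added example: CBC chaining of header keys under Ksto and Kses.
The block cipher below is a stand-in Feistel network, NOT DES."""
import hashlib

BLOCK = 8  # bytes: DES block size, and the 8-byte key size given on the page


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Round function of the stand-in cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def enc_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, xor(l, _round(key, rnd, r))
    return l + r


def dec_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _round(key, rnd, l)), l
    return l + r


def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for b in blocks:
        prev = enc_block(key, xor(b, prev))   # XOR with previous ciphertext
        out.append(prev)
    return out


def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return out


def wrap_header_keys(ksto, iv_keys, kicv_cont, kc):
    """Fig. 32: Kicv_cont Encrypted, Kc(0) Encrypted, ... for the header."""
    return cbc_encrypt(ksto, iv_keys, [kicv_cont] + list(kc))


def media_export(ksto, iv_keys, kses, iv_ses, wrapped):
    """Fig. 34 on the media 2: decrypt with Ksto, re-encrypt with Kses."""
    return cbc_encrypt(kses, iv_ses, cbc_decrypt(ksto, iv_keys, wrapped))


def device_import(kses, iv_ses, transfer):
    """Device side: recover (Kicv_cont, [Kc(0), ...]) with Kses."""
    plain = cbc_decrypt(kses, iv_ses, transfer)
    return plain[0], plain[1:]


def changed_after_tamper(ksto, iv_keys, wrapped, index):
    """Indices of recovered keys that change when one bit of
    wrapped[index] is flipped in the stored header."""
    bad = list(wrapped)
    bad[index] = bytes([bad[index][0] ^ 0x01]) + bad[index][1:]
    good = cbc_decrypt(ksto, iv_keys, wrapped)
    got = cbc_decrypt(ksto, iv_keys, bad)
    return [i for i, (g, b) in enumerate(zip(good, got)) if g != b]


# Constructed sample values (not from the page).
KSTO = bytes.fromhex("1122334455667788")
IV_KEYS = bytes.fromhex("0102030405060708")
KSES = bytes.fromhex("a1a2a3a4a5a6a7a8")
IV_SES = bytes(BLOCK)
KICV_CONT = b"ICVKEY00"
KC = [b"SAMEKEY!", b"SAMEKEY!", b"sector02", b"sector03"]

if __name__ == "__main__":
    wrapped = wrap_header_keys(KSTO, IV_KEYS, KICV_CONT, KC)
    print("equal keys, different header entries:", wrapped[1] != wrapped[2])
    transfer = media_export(KSTO, IV_KEYS, KSES, IV_SES, wrapped)
    print("device recovers keys:", device_import(KSES, IV_SES, transfer) == (KICV_CONT, KC))
    print("keys changed by tampering entry 2:", changed_after_tamper(KSTO, IV_KEYS, wrapped, 2))
```

Chaining hides equal content keys in the header, but a modified entry silently corrupts that key and the next one, so the header ICV is what detects tampering with the stored keys.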

[Encrypted data read-out process] 

[0306] The details of the processing for reading out encrypted data from the media will be described with reference to the flowcharts in Figs. 35 on. Now, the data encryption forms include a form wherein encryption is made with different keys for each sector as described above, and the form wherein the entire contents are encrypted with a single encryption key, these being judged based on the header information. In the flowchart in Fig. 35, the left side is the processing at the control unit of the device, and the right side is that at the memory interface of the device.

[0307] First, the control unit reads out the header file of the contents which are the object of reading out (S701). This processing is executed as processing following the file read-out processing flow shown in Fig. 25 described above. Next, the header set command and the read out header file are transmitted to the memory interface (S702).

[0308] Upon receiving the header set command (S703), the memory interface sets the busy flag to 1 (busy) (S704), and verifies the integrity check value (ICV) of the header (S705). The ICV check of the header is executed by processing wherein the security header verification value generating key Kicv_sh and the initial value IVsh are applied to input the header configuration data in the ICV generating process described with reference to Fig. 14 earlier to generate an ICV, and performing collation between the generated ICV and the ICV stored in the header beforehand.

[0309] Upon a judgment being made by the verification that there is no tampering with the header (S706), a check is made regarding whether the valid revocation list version in the header is not 0 (S707). For example, in the event of storing contents in memory that have been generated and stored in the own device, processing is performed wherein the revocation list version is set to 0 and the revocation list is not referenced at the time of reproducing processing or the like.

[0310] In the event that the revocation list version is 0, there is no need to make reference to the revocation list, so the flow proceeds to step S710. In the event that the version is not 0, a check is made regarding whether the revocation list currently set is not older than the header version (S708), and in the event that it is older, the flow proceeds to S713, where the header set success flag is set to 0 (fail), and processing is ended. In the event that the set revocation list is older than the header version, the flow proceeds to step S709, reference is made to the revocation list, and judgment is made whether or not there is the contents ID which is the object of reading out. In the event that it is there, the header set success flag is set to 0 (fail) in step S713 as processing for forbidding reading out, and the processing ends.

[0311] In the event that the contents ID which is the object of being read out is not recorded in the revocation list, the flow proceeds to step S710, for the contents key Kc and the contents check value generating key Kicv_cont encrypted based on the header information, to be decrypted. Now, as described in the activation flow in Fig. 16 earlier, the revocation list is set up in the memory interface at the time of activation, and following set up, is capable of continuous usage at the memory interface at the time of mounting media or reproducing contents.
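
The header set judgment of steps S704 through S714, as an added Python sketch that is not code from the patent. HMAC-SHA256 stands in for the DES-based ICV generation of Fig. 14, the header layout, class names and verdict strings are hypothetical, and S708 is read as in its first statement (a device list older than the header's version fails).

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed sample secrets; on the page these are Kicv_sh and IVsh.
KICV_SH = bytes.fromhex("0123456789abcdef")
IV_SH = bytes(8)


def make_icv(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in (assumption) for the DES-based ICV generation of Fig. 14."""
    return hmac.new(key, iv + data, hashlib.sha256).digest()[:8]


@dataclass(frozen=True)
class Header:
    content_id: int
    valid_rl_version: int          # "valid revocation list version" field
    icv: bytes = b""

    def body(self) -> bytes:       # hypothetical layout of the ICV-covered data
        return (self.content_id.to_bytes(8, "big")
                + self.valid_rl_version.to_bytes(4, "big"))

    def sealed(self) -> "Header":
        return replace(self, icv=make_icv(KICV_SH, IV_SH, self.body()))


@dataclass(frozen=True)
class RevocationList:
    version: int
    content_ids: frozenset


class MemoryInterface:
    def __init__(self, revocation_list: RevocationList):
        self.rl = revocation_list   # set up once at activation (Fig. 16)
        self.busy = 0
        self.header_set_success = 0
        self.read_out_header = None

    def _judge(self, hdr: Header) -> str:
        expected = make_icv(KICV_SH, IV_SH, hdr.body())
        if not hmac.compare_digest(expected, hdr.icv):      # S705, S706
            return "header_tampered"   # treated as a fail (assumption)
        if hdr.valid_rl_version == 0:                       # S707: list not consulted
            return "ok"
        if self.rl.version < hdr.valid_rl_version:          # S708: device list too old
            return "revocation_list_too_old"
        if hdr.content_id in self.rl.content_ids:           # S709: contents ID listed
            return "content_revoked"
        return "ok"                                         # continue to S710

    def set_header(self, hdr: Header) -> str:
        self.busy = 1                                       # S704
        verdict = self._judge(hdr)
        ok = verdict == "ok"
        self.header_set_success = 1 if ok else 0            # S711 / S713
        self.read_out_header = hdr if ok else None
        self.busy = 0      # S714; clearing it on the fail path is an assumption
        return verdict


def demo() -> dict:
    """Run constructed headers against a device holding list version 3."""
    mi = MemoryInterface(RevocationList(version=3, content_ids=frozenset({0x1001})))
    revoked = Header(0x1001, 3).sealed()
    cases = {
        "self_recorded_v0": Header(0x1001, 0).sealed(),
        "listed_content": revoked,
        "needs_newer_list": Header(0x2002, 5).sealed(),
        "unlisted_content": Header(0x2002, 2).sealed(),
        # Version field changed after the ICV was computed: the ICV is stale.
        "version_field_edited": replace(revoked, valid_rl_version=0),
    }
    return {name: mi.set_header(h) for name, h in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

Because version 0 skips the list entirely, the header ICV is the only thing that keeps the version field trustworthy, which is why the ICV check comes first in the flow.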

[0312] First, as described with reference to Fig. 7 and other figures, multiple contents keys Kc(0) through Kc(M-1) are encrypted and stored in the security header, as encryption keys to be applied to each sector as described above. Also, the contents check value generating key Kicv_cont for generating the integrity check value (ICV) of the contents is also encrypted and stored.

[0313] Prior to decrypting of the contents, there is the need to perform processing for decrypting of the contents check value generating key Kicv_cont and executing the tampering check of the contents, and also, the processing for decrypting the contents keys Kc(0) through Kc(M-1) is necessary.

[0314] Fig. 37 shows the decryption processing flow for the encrypted contents keys Kc and the contents check value generating key Kicv_cont. Description will proceed following the steps in Fig. 37. The processing in Fig. 37 is processing at the memory interface of the device. This is executed at the encryption processing unit 320 of Fig. 4.

[0315] First, the encrypted contents check value generating key Kicv_cont is selected as the object of decryption (S801), and next, judgement is made regarding whether or not the Encryption Format Type field in the header is set to 0 (S802). In the event that the encryption format is 0, the data configuration is of an encryption form wherein the entire contents are one regardless of sectors, and in the event that the setting of the Encryption Format Type field is 1, this is a method using encryption keys for increments of sectors, described above with reference to Fig. 27 and others. In the event of the method using encryption keys for increments of sectors, the flow proceeds to step S803, and sets the encryption contents keys (Kc_Encrypted0 through 31) set for each sector as the object of decryption.

[0316] In the event that judgement is made in step S802 that the encryption format is 0, the Encryption Algorithm field in the header is further checked in step S804, and judgment is made regarding whether this is 1 (Triple DES) or 0 (single DES). In the event that this is single DES, only one encryption contents key (Kc_Encrypted0) is added to the object of decryption in step S805, and in the event that this is Triple DES, multiple encryption contents keys (Kc_Encrypted0, 1) are added to the object of decryption in step S806.

[0317] Next, in step S807, the settings of the Content Type field in the header are checked, and in the event that the settings are not 2 or 3 (stored contents of the media 2), a distribution key Kdist stored in the memory unit 321 (see Fig. 4) is used to decrypt the data that is the object of decryption, i.e., the encryption contents check value generating key Kicv_cont, and one or more contents keys, in step S808.

[0318] In the event that the settings are 2 or 3 (stored contents of the media 2), a stored key Ksto (CBC mode) of the media 2 is used to decrypt the data that is the object of decryption, i.e., the encryption contents check value generating key Kicv_cont, and one or more contents keys, in step S809. The details of this decryption processing are already described with reference to Fig. 32, Fig. 33, and Fig. 34.

[0319] The decryption processing by the stored key of the media 2 to decrypt the encryption contents check value generating key Kicv_cont and one or more contents keys Kc will be described with reference to the flowchart in Fig. 38. In the flowchart in Fig. 38, the left side indicates the processing of the memory interface of the device, and the right side, that at the controller of the media 2 (see Fig. 2).

[0320] First, the memory interface sets the data which is the object of decryption K(0) through K(n-1) (the encryption contents check value generating key Kicv_cont and one or more contents keys) (S1001), transmits a CBC decryption initialization command to the media 2 controller (S1003), and the media 2 controller sets IVkeys to the register (S1005). Subsequently, the memory interface sequentially transmits the keys (S1004), and the media 2 controller receives the data that is the object of decryption K(i) (S1005).

[0321] Next, the media 2 controller executes decryption processing by the CBC mode, using this stored key Ksto of the media 2 with regard to the received data that is the object of decryption K(i) (S1007), and the decrypted key data (e.g., contents keys corresponding to multiple sectors) is obtained (S1008). Next, the media 2 controller executes encryption processing in the CBC mode with the session key generated at the time of mutual authentication with the device, with regard to the decrypted key data stream, generates a data string K'(i), and transmits the results to the device (S1009). The processing in steps S1007 through S1009 is executed based on the processing in the DES-CBC mode described earlier with reference to Fig. 34.

[0322] The memory interface of the device sequentially receives K'(i), and following confirmation that all data has been received, transmits a CBC end command to the media 2 controller. Upon receiving the CBC end command, the media 2 controller clears the register (S1014).

[0323] The memory interface of the device decrypts K'(i) received from the media 2 in the CBC mode applying the session key Kses generated at the time of mutual authentication with media 2, using the initial value IV_keys stored in the memory unit 321 (see Fig. 4) (S1010 through S1013 and S1015). This decryption processing is processing with the same configuration as that described with reference to Fig. 33 earlier.

[0324] The device can decrypt the contents keys Kc and the contents check value generating key Kicv_cont encrypted and stored in the header with the above processing, to obtain the keys of each.

[0325] Returning to Fig. 35, the rest of the read-out processing of the encrypted files will be described. Upon ending S710 which is the above-described key decryption processing step, the flow proceeds to step S711. In step S711, the memory interface of the device sets the header internally as a "read-out header", sets the header set success flag to 1 (success), and sets the busy flag to 0 (ready) (S714). At the time of reading out contents, processing based on the information of the set header is executed.

[0326] On the other hand, the control unit side transmits a status read-out command to the memory interface in step S715, and proceeds to the next processing (Fig. 36) under the condition that the busy flag is 0 (ready) (S716), and that the header set success flag is 1 (success) (S717).

[0327] In step S721, in Fig. 36, the control unit obtains the sector addresses (S(1) through S(k)) of the contents file which is the object of reading out from the file allocation table, and it sequentially transmits sector S(i) read-out commands to the memory interface.

[0328] Upon receiving the sector S(i) read-out commands (S724), the memory interface sets the busy flag to 1 (busy) (S725), and moves to the next step under the condition that the header success flag is 1 (success) (S726). In the event that the header success flag is not 1 (success), the flow proceeds to step S738, and the read-out success flag is set to 0 (fail) and the processing ends.

[0329] In the event that the header success flag is 1 (success), judgment is made whether the received sector S(i) is internal memory or external memory (S727), and in the event that this is external memory, the judgment is made whether the set flag of the media 1 or media 2 is 1 (indicating that the media is set to valid) (S728), and in the event that the set flag is 1, further reference is made to the block permission table (BPT), and judgment is made whether or not the BPT has this sector S(i), which is the object of reading out, set as a block regarding which reading out is permitted (S729). In the event that there is the read-out permission block setting in the BPT, the data at this sector is read out from the external memory (S730).

[0330] Now, in the event that the data to be read out is data in the internal memory which is not managed by the BPT, the steps S728 and S729 are skipped. In the event that the judgment made in steps S728 and S729 is No, i.e., in the event that the set flag of the media storing this sector S(i) is not 1, or in the event that a read-out permission is not set in the BPT for the sector S(i), the flow proceeds to step S738, and the read-out success flag is set to 0, as a read-out error.

[0331] In the event that judgement is made in the judgment blocks in steps S726 through S729 that reading out of the object sector S(i) is executable, this sector is read out from the memory, error correction processing based on the error correction code in a redundant portion set corresponding to the sector is executed (S731), and confirmation is made that the error correction has succeeded (S732). Next, reference is made to the ICV flag of the header (see Fig. 7), and judgment is made regarding whether or not the sector to be read out is the object of processing by integrity check value (ICV). As described with reference to Fig. 31 earlier, each sector stores an ICV in the redundant portion thereof for tampering checking, so tampering checking in increments of sectors can be performed.

[0332] In the event that this is the object of tampering checking by ICV, in step S734 the contents check value generating key Kicv_cont obtained by the decryption processing in step S710 and the initial value IVcont are applied to the input data which is the object of tampering checking (sector data) to execute the ICV generation processing described with reference to Fig. 14, an ICV is obtained, collation is performed with the ICV stored in the redundant portion of the sector, and in the event that these match, a no-tampering judgement is passed.

[0333] In the event that a no-tampering judgement is passed by the ICV check, the flow proceeds to step S737, processing for decrypting the data based on the header information is executed and the read-out success flag is set to 1 (success), and the decrypted data is stored in the buffer.

[0334] Also in steps S740 through S746, the control unit reads out the status of the memory interface, and in the state that the busy flag is 0, the addresses are sequentially incremented and processing of extracting the data sequentially from the buffer and saving is repeatedly executed under the condition that the read-out success flag is 1, and following saving of all sectors to be read out, the file is configured from all of the read out sector data, and the processing ends.

[0335] Details of the data portion decrypting processing in step S736 in Fig. 36 will be described with reference to Fig. 39. This decryption processing is executed at the encryption processing unit 320 (see Fig. 4) of the memory interface of the device.

[0336] First, the sector position for storing the data which is the object of decrypting is set to s (wherein 0 < s < 31 (in the event that the number of sectors is 32)). Next, whether or not the sector is the object of encryption is checked (S1102). This check is judged based on the Encryption Flag in the security header (see Fig. 7). In the event that this is not the object of encryption, decryption processing is not executed, and the processing ends. In the event that this is the object of encryption, the encryption format type is checked (S1103). This consists of checking the settings of the Encryption Format Type within the security header, and judgment is made regarding whether the encryption format is one for all the contents as described in Fig. 8, or whether the encryption processing uses different keys for each sector.

[0337] In the event that the setting value of the Encryption Format Type is 0, this is a case wherein the encryption format is one for all the contents. In this case, the Encryption Algorithm is judged in step S1104. Either single DES or triple DES (see Fig. 28) is set for the encryption algorithm, and in the event that this is judged to be single DES, decryption processing of the encrypted contents is executed using one contents key Kc(0) (S1106). In the event that this is judged to be Triple DES, decryption processing of the encrypted contents is executed applying two contents keys Kc(0) and Kc(1) (S1107).

[0338] On the other hand, in the event that the setting value of Encryption Format Type is 1 in step S1103, this is a case wherein the encryption processing uses different keys for each sector. In this case, the Encryption Algorithm is judged in step S1105. Either single DES or triple DES (see Fig. 28) is set for the encryption algorithm, and in the event that this is judged to be single DES, decryption processing of the encrypted contents is executed applying a contents key Kc(s) set corresponding to each sector (S1108). In the event that this is judged to be Triple DES, decryption processing of the encrypted contents of each sector is executed applying two contents keys Kc(s) and Kc(s+1 mod 32) (S1109).

[0339] A different processing form of decryption processing of the sector data is shown in Fig. 40. In Fig. 40, steps S1201 through S1208 are the same as the steps S1101 through S1108 in Fig. 39. The steps S1209 through S1211 differ from those in Fig. 39.

[0340] In step S1205, in the event that the encryption algorithm is judged to be triple DES, the sector No. (s) is judged in step S1209, and in the event that s is an odd number, updating of s = s - 1 is executed (S1210), and encryption processing by triple DES is executed with the keys to be applied to the sectors as Kc(s) and Kc(s+1) (S1211).

[0341] Thus, reproduction processing accompanied by decryption processing of data that has been encrypted and stored is executed by the processes described with reference to Fig. 35 through Fig. 40.

[Data encryption write-in processing] 

[0342] Next, the details of the encryption write-in processing of data to the media will be described using the flowcharts from Fig. 41 on. Note that, as described above, there is the form of data encryption wherein encryption is performed with a different key for each sector, and the form wherein all contents are encrypted with a single encryption key. These are set in the header information. In the flowchart in Fig. 41, the left side is the processing of the control unit of the device, and the right side is that at the memory interface of the device.

[0343] First, the control unit transmits a header generation command corresponding to the stored contents which are the object of reading out, and parameters serving as header information, to the memory interface (S1301).

[0344] Upon receiving the header generation command (S1302), the memory interface sets the busy flag to 1 (busy) (S1303), and judges whether or not the received parameters are within a tolerance value (S1304). The memory interface has a parameter range that is settable in the header beforehand, so comparison is made with the received parameters, and in the event that received parameters exceed the settable range, in step S1310 sets the header generation success flag to 0 (fail) and ends the processing. In the event that the received parameters are within the tolerance value, the valid revocation list version of the header is set to 0 (S1305), enabling data processing with no reference to the revocation list. The reason that the valid revocation list version is set to 0 is to perform settings enabling data processing (reproduction) with no reference to the revocation list, under the presumption that contents subjected to storage processing with own device are guaranteed to be valid contents.

[0345] Also, in the event that the write-in contents are, for example, contents received externally via communication means, and in the event that an identifier is added to the received contents and the revocation list version is stored in the header and collation with a revocation list within the device is possible, identifier collation processing using the revocation list may be performed in the same manner as the steps S707 through S709 executed in the final decryption read-out processing described earlier with reference to Fig. 35, instead of the above-described processing.

[0346] Next, in step S1306, the contents key Kc and the contents integrity check value (ICV) generating key Kicv_cont are generated and encrypted. Fig. 43 illustrates the details of the generation and encryption processing of the contents key Kc and the contents integrity check value (ICV) generating key Kicv_cont in step S1306. The processing in Fig. 43 is executed at the memory interface encryption processing unit 320 (see Fig. 4) of the device. The flowchart in Fig. 43 will be described.

[0347] First, an encrypted contents check value generating key Kicv_cont is generated based on a random number, for example, and made to be an object of encryption (S1401), and next, judgement is made regarding whether or not the Encryption Format Type field is set to 0 in the header (S1402). In the event that the encryption format is 0, this is a configuration wherein the entire contents are encrypted with one form regardless of sectors, and in the event that the settings of the Encryption Format Type field are 1, this is a method using encryption keys in increments of sectors as described earlier with reference to Fig. 27 and other figures. In the event of using encryption keys in increments of sectors, the flow proceeds to step S1403, and contents keys set for each sector (Kc(0) through Kc(31) (in the event that the number of sectors is 21)) are generated and made to be the object of encryption.

[0348] In the event that judgement is made in step S1404 that the encryption format is 0, the Encryption Algorithm field in the header is further checked in step S1404, and judgment is made regarding whether this is 1 (Triple DES) or 0 (single DES). In the event that this is single DES, one encryption contents key (Kc(0)) is generated and added to the object of encryption in step S1405, and in the event that this is Triple DES, multiple encryption contents keys (Kc(0), Kc(1)) are generated and added to the object of encryption in step S1406.

[0349] Next, in step S1407, the settings of the Content Type field in the header are checked, and in the event that the settings are not 2 or 3 (media 2 stored contents), in step S1408, the distribution key Kdist stored in the memory unit 321 (see Fig. 4) is used to encrypt the data, i.e., the contents check value generating key Kicv_cont and one or more contents keys.

[0350] In the event that the settings are 2 or 3 (media 2 stored contents), the data, i.e., the contents check value generating key Kicv_cont and one or more contents keys, are encrypted with the stored key Ksto (CBC mode) of the media 2 in step S1409. The details of this encryption processing are as described with reference to Fig. 32, Fig. 33, and Fig. 34.

[0351] The encryption processing of the contents check value generating key Kicv_cont and one or more contents keys by the stored key of the media 2 in step S1409 will be described with reference to the flowchart shown in Fig. 44. In the flowchart in Fig. 44, the left side indicates the processing of the memory interface of the device, and the right side, that at the controller of the media 2 (see Fig. 2).

[0352] First, the memory interface at the device side sets the data to be encrypted K(0) through K(n-1) (the contents check value generating key Kicv_cont and one or more contents keys) (S1501), applies the session key generated at the time of mutual authentication with the media 2, executes encryption of the data to be encrypted K(0) through K(n-1) in the DES-CBC mode using the initial value IV_keys stored in the memory unit 321, and generates data K'(0) through K'(n-1) (S1502). This encryption processing is executed by processing configuration the same as that of Fig. 32 described earlier. Next, the memory interface transmits a CBC encryption initialization command to the media 2 controller. The media 2 sets the initial value IV_keys stored within the media 2 in the register (S1506). Subsequently, the memory interface sequentially transmits the keys (S1505).

[0353] The media 2 controller receives the data K'(i) (S1507), executes decryption processing on the received data K'(i) in the CBC mode with a session key generated with mutual authentication with the device (S1508), and obtains the decrypted key data (e.g., contents keys corresponding to multiple sectors) (S1509). Next, the media 2 controller executes encryption processing of the decrypted key data string in the CBC mode using the stored key Ksto of the media 2, generates a data string K"(i), and transmits the results to the device (S1510). The processing in steps S1507 through S1510 is executed based on the processing in the DES-CBC mode in Fig. 34 described earlier.

[0354] The memory interface of the device sequentially receives K"(i), and following confirmation that all data has been received, transmits the CBC end command to the media 2 controller (S1511 through S1514). Upon reception of the CBC end command, the media 2 controller clears the register (S1515).

[0355] The memory interface of the device takes the K"(0) through K"(n-1) received from the media 2 as the encryption key data for header storage. Due to the above processing, the device can obtain the encrypted contents key Kc and contents check value generating key Kicv_cont to be stored in the header.
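
The key hand-off of Fig. 38 (read) and Fig. 44 (write) between the memory interface and the media 2 controller, as an added Python sketch that is not code from the patent. A toy Feistel cipher stands in for DES, the class, function and sample key names are hypothetical, and the controller's register is modelled as two CBC chaining values.

```python
import hashlib

KSTO = b"constructed-Ksto"     # constructed sample: stored key of the media 2
IV_KEYS = bytes(8)             # constructed sample: IV_keys held on both sides


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def enc_block(key: bytes, block: bytes) -> bytes:
    """Toy 64-bit Feistel cipher standing in for DES. Not secure."""
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def dec_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for b in blocks:
        prev = enc_block(key, _xor(b, prev))
        out.append(prev)
    return out


def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for c in blocks:
        out.append(_xor(dec_block(key, c), prev))
        prev = c
    return out


class Media2Controller:
    """Holds Ksto; re-wraps key blocks between Ksto and the session key."""

    def __init__(self, ksto: bytes, kses: bytes, iv_keys: bytes):
        self._ksto, self._kses, self._iv = ksto, kses, iv_keys
        self._reg = None                   # None: no CBC session open

    def cbc_init(self):                    # CBC initialization command
        self._reg = (self._iv, self._iv)   # chaining value for input and output

    def cbc_end(self):                     # CBC end command: clear the register
        self._reg = None

    def _rewrap(self, k_in: bytes, k_out: bytes, block: bytes) -> bytes:
        if self._reg is None:
            raise RuntimeError("CBC initialization command not received")
        prev_in, prev_out = self._reg
        plain = _xor(dec_block(k_in, block), prev_in)   # key is in clear only here
        out = enc_block(k_out, _xor(plain, prev_out))
        self._reg = (block, out)
        return out

    def rewrap_for_read(self, block):      # Fig. 38: K(i) under Ksto -> K'(i) under Kses
        return self._rewrap(self._ksto, self._kses, block)

    def rewrap_for_write(self, block):     # Fig. 44: K'(i) under Kses -> K"(i) under Ksto
        return self._rewrap(self._kses, self._ksto, block)


def device_store_keys(media, kses, iv_keys, keys):
    """Memory interface, write side: returns (link data K', header data K")."""
    link = cbc_encrypt(kses, iv_keys, keys)
    media.cbc_init()
    stored = [media.rewrap_for_write(b) for b in link]
    media.cbc_end()
    return link, stored


def device_load_keys(media, kses, iv_keys, stored):
    """Memory interface, read side: returns (link data K', recovered keys)."""
    media.cbc_init()
    link = [media.rewrap_for_read(b) for b in stored]
    media.cbc_end()
    return link, cbc_decrypt(kses, iv_keys, link)


def demo():
    keys = [bytes([n]) * 8 for n in (0x11, 0x22, 0x22)]   # constructed Kicv_cont, Kc(0), Kc(1)
    writer = Media2Controller(KSTO, b"session-A", IV_KEYS)
    link_w, stored = device_store_keys(writer, b"session-A", IV_KEYS, keys)
    reader = Media2Controller(KSTO, b"session-B", IV_KEYS)  # later mount, new Kses
    link_r, recovered = device_load_keys(reader, b"session-B", IV_KEYS, stored)
    return keys, stored, link_w, link_r, recovered
```

The device never holds Ksto: what it stores in the header is only usable again through a media 2 controller that shares a fresh session key with it.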
[0356] Returning to Fig. 41, description of the file encryption write-in processing will be continued. Upon generation and encryption of the above-described header storage keys ending in step S1306, the memory interface generates an integrity check value ICV based on the generated header data (S1307). ICV_sh, which is the check value of the security header, is generated based on the ICV generating configuration described earlier with reference to Fig. 14, using the initial value IVsh stored in the memory unit 321 (see Fig. 4), and the security header integrity check value generating key Kicv_sh. Next, in step S1308, the generated header is saved internally as a write-in header, and the processing ends in step S1309 with the header generating success flag at 1 (success) and the busy flag at 0 (ready).

[0357] On the other hand, the control unit side transmits the status read-out command to the memory interface in step S1312, reads the header out of the buffer under the conditions that the busy flag is 0 (ready) (S1313) and the header generating success flag is 1 (success) (S1314), and saves to the media as a normal file (S1350), following which the flow proceeds to the next processing (Fig. 42).

[0358] In step S1321 in Fig. 42, the control unit divides the contents file to be written in into sectors. The divided data will be denoted with D(1) through D(k). The control unit sets writing sectors S(i) for the data D(i) next, and sequentially transmits an encryption write-in command for the sector S(i) and the data D(i) to the memory interface (S1312 through S1324). Upon receiving the sector S(i) encryption write-in command (S1325), the memory interface sets the busy flag to 1 (busy) (S1326), and proceeds to the next step under the conditions that the header generating success flag is 1 (success) (S1327).

[0359] Next, the memory interface judges whether the received sector S(i) is internal memory or external memory (S1328), and in the event that this is external memory, judgement is made regarding whether the set flag for the media 1 or media 2 is 1 (indicating that the media is set to valid) (S1329), and in the event that the set flag is 1, further, reference is made to the block permission table (BPT), and judgment is made regarding whether or not the BPT has set the sector S(i) which is the object of writing as a write-in permitted block (S1330). In the event that there are settings in the BPT as a write-in permitted block, an error correction code set corresponding to the sector is generated (S1331).

[0360] Next, judgment is made regarding whether or not the write-in sector is an ICV setting sector, based on header information (ICV flag) (S1332), and in the event that this is the object of ICV, the ICV for the sector data is generated based on the contents ICV generating key Kicv_cont (S1333).

[0361] Next, the memory interface executes encryption of data based on the header information (S1334). The details of this data encryption processing in step S1334 will be described with reference to Fig. 45. This encryption processing is executed at the encryption processing unit 320 (see Fig. 4) of the memory interface of the device.

[0362] First, the sector position for storing the data which is the object of encrypting is set to s (wherein 0 < s < 31 (in the event that the number of sectors is 32)) (S1601). Next, a check is made regarding whether the sector is the object of encryption (S1602). This check is judged based on the Encryption Flag in the security header (see Fig. 7). In the event that this is not the object of encryption, encryption processing is not executed, and the processing ends. In the event that this is the object of encryption, the encryption format type is checked (S1603). This consists of checking the settings of the Encryption Format Type within the security header, and judgment is made regarding whether the encryption format is one for all the contents as described in Fig. 8, or whether the encryption processing uses different keys for each sector.

[0363] In the event that the setting value of the Encryption Format Type is 0, this is a case wherein the encryption format is one for all the contents. In this case, the Encryption Algorithm is judged in step S1604. Either single DES or triple DES (see Fig. 28) is set for the encryption algorithm, and in the event that this is judged to be single DES, encryption processing of the encrypted contents is executed using one contents key Kc(0) (S1606). In the event that this is judged to be Triple DES, encryption processing of the encrypted contents is executed applying two contents keys Kc(0) and Kc(1) (S1607).

[0364] On the other hand, in the event that the setting value of Encryption Format Type is 1 in step S1603, this is a case wherein the encryption processing uses different keys for each sector. In this case, the Encryption Algorithm is judged in step S1605. Either single DES or triple DES (see Fig. 28) is set for the encryption algorithm, and in the event that this is judged to be single DES, encryption processing of the encrypted contents is executed applying a contents key Kc(s) set corresponding to each sector (S1608). In the event that this is judged to be Triple DES, encryption processing of the encrypted contents of each sector is executed applying two contents keys Kc(s) and Kc(s+1 mod 32) (S1609).

[0365] A different processing form of decryption processing of the sector data is shown in Fig. 46. In Fig. 46, steps S1701 through S1708 are the same as the steps S1601 through S1608 in Fig. 45. The steps S1709 through S1711 differ from those in Fig. 45.

[0366] In step S1705, in the event that the encryption algorithm is judged to be triple DES, the sector No. (s) is judged in step S1709, and in the event that s is an odd number, updating of s = s - 1 is executed (S1710), and decryption processing by triple DES is executed with the keys to be applied to the sectors as Kc(s) and Kc(s+1) (S1711).
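
The key selection described for Fig. 37 and for Figs. 39/40 (read) and Figs. 45/46 (write), as an added Python sketch that is not code from the patent. Function names are hypothetical, and sector positions are taken to run from 0 to 31, matching Kc(0) through Kc(31).

```python
SECTORS = 32                       # contents keys Kc(0) through Kc(31)
SINGLE_DES, TRIPLE_DES = 0, 1      # Encryption Algorithm field values


def header_keys_to_unwrap(enc_format_type: int, enc_algorithm: int) -> list:
    """Fig. 37, S801-S806: encrypted header entries selected for decryption."""
    targets = ["Kicv_cont"]                                   # S801
    if enc_format_type != 0:                                  # S802 -> S803
        targets += [f"Kc_Encrypted{i}" for i in range(SECTORS)]
    elif enc_algorithm == TRIPLE_DES:                         # S804 -> S806
        targets += ["Kc_Encrypted0", "Kc_Encrypted1"]
    else:                                                     # S804 -> S805
        targets += ["Kc_Encrypted0"]
    return targets


def wrapping_key(content_type: int) -> str:
    """S807-S809: Content Type 2 or 3 means media 2 stored contents."""
    return "Ksto" if content_type in (2, 3) else "Kdist"


def sector_key_indices(s, encrypted, enc_format_type, enc_algorithm, paired=False):
    """Indices i of the contents keys Kc(i) applied to sector position s.

    paired=False follows Fig. 39 / Fig. 45; paired=True follows Fig. 40 / Fig. 46.
    """
    if not 0 <= s < SECTORS:
        raise ValueError(f"sector position {s} outside 0..{SECTORS - 1}")
    if not encrypted:                      # Encryption Flag clear: no cipher step
        return ()
    if enc_format_type == 0:               # one key set for the whole contents
        return (0,) if enc_algorithm == SINGLE_DES else (0, 1)
    if enc_algorithm == SINGLE_DES:        # per-sector key Kc(s)
        return (s,)
    if paired:
        base = s - 1 if s % 2 else s       # odd s is replaced by s - 1
        return (base, base + 1)
    return (s, (s + 1) % SECTORS)          # Kc(s) and Kc(s+1 mod 32)


def sectors_per_key(paired: bool) -> dict:
    """For per-sector triple DES: which sector positions each Kc(i) protects."""
    usage = {i: [] for i in range(SECTORS)}
    for s in range(SECTORS):
        for i in sector_key_indices(s, True, 1, TRIPLE_DES, paired):
            usage[i].append(s)
    return usage


def distinct_key_pairs(paired: bool) -> int:
    """Number of different (Kc, Kc) pairs in use across all 32 sectors."""
    return len({sector_key_indices(s, True, 1, TRIPLE_DES, paired)
                for s in range(SECTORS)})


if __name__ == "__main__":
    print(header_keys_to_unwrap(0, TRIPLE_DES), wrapping_key(2))
    print("Fig. 39 form, sector 31:", sector_key_indices(31, True, 1, TRIPLE_DES))
    print("Fig. 40 form, sector 31:", sector_key_indices(31, True, 1, TRIPLE_DES, True))
    print("distinct pairs:", distinct_key_pairs(False), "vs", distinct_key_pairs(True))
```

In the first form every sector gets its own key pair, overlapping with its neighbour; in the second form sectors 2k and 2k+1 share one pair, so the loss of a pair exposes two sectors.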

[0367] Returning to Fig. 42, description of the file encryption write-in processing flow will be continued. Upon the encryption processing step (S1334) of the data portion ending by the above-described processing, an error correction code is generated for the data portion (S1335), and the redundant portion having the encrypted data D(i) and the integrity check value ICV corresponding to the sector data and the error correction code, is written to the media (S1336), the write-in success flag is set to 1 (success) (S1337), and the busy flag is set to 0 (ready) (S1339).

[0368] Now, in the event that the data to be written in is write-in processing to the internal memory which is not managed by the BPT, the steps S1329 and S1330 are skipped. In the event that the judgment made in steps S1329 and S1330 is No, i.e., in the event that the set flag of the media is not 1, or in the event that a write-in permission is not set in the BPT for the sector S(i), the flow proceeds to step S1338, and the write-in success flag is set to 0, as a write-in error.

[0369] Also, in steps S1341 through S1345, the status of the memory interface is read out by the control unit, and in the state that the busy flag is 0, the addresses are sequentially incremented and the write-in data is sequentially transmitted to the memory interface under the condition that the write-in success flag is 1. Following ending of all processing, updating processing of the file allocation table is executed (S1346), the updated file allocation table is transmitted to the memory interface along with an updating command (S1347), and the memory interface executes the processing of writing in the file allocation table according to the command (S1340).

[0370] Encryption of data and processing for storing to media is executed by the processing described above with reference to Fig. 41 through Fig. 46.
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[Updating a revocation list] 

[0371] Next, description will be made regarding the processing for updating a revocation list, as invalid information for unauthorized media and contents. As described above, the revocation list according to the present invention is configured of identifiers (IDs) of multiple types (e.g., media and contents). Multiple types of contents and media can be revoked with a single revocation list, by providing multiple types of IDs in a revocation list which is invalid information of contents and media, and collation thereof is performed as differing operations. Use of unauthorized media and reading out of unauthorized contents can be forbidden by executing collation between the identifier (ID) of the media used or contents used, and IDs listed in the revocation list at the memory interface unit, at the time of inserting the media or reading out the contents.

[0372] As described earlier, a revocation list version is set in a revocation list, and the revocation list is updated in the event of adding new invalid information of unauthorized media or contents, or the like.
[0373] Fig. 47 illustrates a flowchart for the updating processing of the revocation list. In Fig. 47, the left side is the control unit of the device, and the right side is the memory interface of the device.
[0374] First, upon receiving the updating revocation list from the communication unit 201 (see Fig. 2) (S1801), the control unit transmits an updating revocation list check command and the received updating revocation list, to the memory interface (S1802).
[0375] Upon receiving the updating revocation list check command and updating revocation list from the control unit (S1803), the memory interface sets the busy flag to 1 (busy) (S1804), and generates an integrity check value (ICV) generating key Kicv_rl for the revocation list (S1805).

[0376] The integrity check value (ICV) generating key Kicv_rl for tampering checking of the revocation list is generated based on the master key MKicv_rl for generating the ICV key for the revocation list stored within the device beforehand, the initial value IVicv_rl for when generating the ICV key of a revocation list, and the revocation list version contained in the attributes information of the revocation list. Specifically, the integrity check value (ICV) generating key is generated as Kicv_rl = DES(E, MKicv_rl, Version ^ IVicv_rl). What this equation means is that encryption processing is executed in the DES mode with the master key MKicv_rl, on the exclusive-OR of the Version and the initial value (IVicv_rl).
[0377] Next, the memory interface generates an ICV' of the revocation list using the integrity check value (ICV) generating key Kicv_rl (S1806), and executes collation processing (ICV' = ICV?) with the correct ICV stored in the revocation list beforehand (S1807). The generating processing of the ICV' is performed by processing applying the integrity check value (ICV) generating key Kicv_rl, using the initial value IVrl, based on the DES mode described earlier with Fig. 14.
[0378] In the event that ICV' = ICV holds (Yes in S1807), judgment is made that the revocation list is valid with no tampering, the flow proceeds to step S1808, the version (i) of the revocation list currently set is compared with the updating revocation list version (j) (S1809), and in the event that the updating revocation list version is newer, the valid flag for the updating revocation list is set to 1 (S1810), the busy flag is set to 0 (S1811), and the processing is ended.

[0379] On the other hand, the control unit transmits the status read-out command to the memory interface (S1812), confirms that the busy flag is 0 (S1813), and in the event that the valid flag of the updating revocation list is 1 (S1814), saves the updating revocation list in the internal memory as a normal file (S1815). The revocation list stored in the internal memory is read out when checking at the time of processing contents or mounting media.
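The update check of paragraphs [0374] through [0379], together with the read-out check summarized in [0381], can be modelled as follows. This is an added example, not code from the patent: HMAC-SHA256 is swapped in for the DES-based key derivation and ICV so that it runs on the Python standard library, and the key values, the byte layout of the list, the class and function names, and the result strings are all assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

# Constructed device secrets (the page stores MKicv_rl and IVicv_rl in the device).
MK_ICV_RL = bytes.fromhex("0123456789abcdef")
IV_ICV_RL = bytes.fromhex("1122334455667788")


def derive_icv_key(version: int) -> bytes:
    """Kicv_rl = E(MKicv_rl, Version XOR IVicv_rl).

    The page uses DES for E; HMAC-SHA256 stands in here (assumption).
    Because the version feeds the key, each list version has its own ICV key.
    """
    block = bytes(a ^ b for a, b in zip(struct.pack(">Q", version), IV_ICV_RL))
    return hmac.new(MK_ICV_RL, block, hashlib.sha256).digest()


@dataclass(frozen=True)
class RevocationList:
    version: int
    media_ids: frozenset      # revoked media identifiers (bytes)
    content_ids: frozenset    # revoked contents identifiers (bytes)
    icv: bytes = b""

    def body(self) -> bytes:
        """Canonical encoding covered by the ICV (layout is an assumption)."""
        out = [struct.pack(">Q", self.version)]
        for tag, ids in ((b"M", self.media_ids), (b"C", self.content_ids)):
            out += [tag + struct.pack(">H", len(i)) + i for i in sorted(ids)]
        return b"".join(out)


def compute_icv(rl: RevocationList) -> bytes:
    """ICV over the list body under the version-specific key."""
    return hmac.new(derive_icv_key(rl.version), rl.body(), hashlib.sha256).digest()


def issue(version, media_ids=(), content_ids=()) -> RevocationList:
    """Issuer side: build a list and attach its correct ICV."""
    rl = RevocationList(version, frozenset(media_ids), frozenset(content_ids))
    return replace(rl, icv=compute_icv(rl))


class MemoryInterface:
    """Holds the revocation list that is currently set."""

    def __init__(self, current: RevocationList):
        self.current = current

    def check_update(self, candidate: RevocationList) -> str:
        # S1805-S1807: derive the key from the candidate's own version,
        # recompute ICV' and compare it with the stored ICV in constant time.
        if not hmac.compare_digest(compute_icv(candidate), candidate.icv):
            return "rejected: ICV mismatch"
        # S1809: accept only a strictly newer version (blocks rollback/replay).
        if candidate.version <= self.current.version:
            return "rejected: not newer"
        # S1810/S1815: valid flag set, list saved (collapsed into one step here).
        self.current = candidate
        return "accepted"

    def check_read(self, header_rl_version: int, media_id: bytes,
                   content_id: bytes) -> str:
        # Contents carry the revocation list version they require; a device
        # holding an older list must update before it can read them.
        if self.current.version < header_rl_version:
            return "cancelled: revocation list too old"
        # One list, two collations: media ID at mount, contents ID at read-out.
        if media_id in self.current.media_ids:
            return "cancelled: media revoked"
        if content_id in self.current.content_ids:
            return "cancelled: content revoked"
        return "permitted"
```

Note that an authentic but old list passes the ICV check, so the version comparison is the only thing that stops a replayed list from replacing the current one.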
[0380] Now, the present invention has been described 
with reference to a particular embodiment. However, it 
is self-evident that one skilled in the art can make vari- 
ous modifications and substitutions to the embodiment 
without departing from the scope or spirit of the present 
invention. In other words, the present invention has 
been disclosed in the form of an example, and the em- 
bodiment should not be interpreted restrictively. The 
scope of the present invention is to be determined solely 
by the claims given at the beginning. 

Industrial Applicability 

[0381] Thus, as described above, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and list updating method, according to the present invention, version information is set in the revocation list, so at the time of reading out the contents, the version of the revocation list which the device currently holds and the version of the valid revocation list in the header are compared, and in the event that the version of the revocation list currently being held is older, reading out of the contents is cancelled. Consequently, the contents cannot be read out unless the revocation list is updated, so unauthorized use of contents using an old revocation list can be revoked.

[0382] Further, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and list updating method, according to the present invention, an updating revocation list received from a communication path for example, is compared with the version information of the current revocation list, in the updating processing of the revocation list as well, and updating of the revocation list is permitted only in the event that judgment is made that the updating list is a newer revocation list, so processing wherein the list is illegally replaced with an old list can be prevented.
[0383] Further, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, according to the present invention, a revocation list is set up to a memory interface, and following the set up can be consecutively used at the memory interface when mounting media or when reproducing contents, which does away with the need for processing such as repeatedly reading out from the internal memory at the time of using contents, so processing is efficiently executed.

[0384] Further, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, according to the present invention, a revocation list is set up to a memory interface, and following the set up can be consecutively used at the memory interface when mounting media or when reproducing contents, and also multiple types of IDs which are the object of revocation, i.e., media IDs and contents IDs are provided, with collation processing using a single revocation list being made executable at the device side for each, so multiple contents and media can be revoked with a list that is set in the memory interface once, so the referencing processing of the revocation list at the memory interface unit at the time of inserting media or reading out contents is effectively executed, and use of unauthorized media and reading out of unauthorized contents can be effectively forbidden.
[0385] Further, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, according to the present invention, identifiers of both media and contents, which are different categories, are stored in a revocation list, so revocation of both unauthorized media and unauthorized contents can be executed based on a single revocation list, so the revocation lists held at the device side are lessened, and the processing at the device side when mounting media and using contents is lightened.

[0386] Further, according to the data reproducing device, data recording device, and data reproducing method, data recording method, and program providing medium, according to the present invention, multiple types of IDs which are the object of revocation, i.e., media IDs and contents IDs are provided to a revocation list which is invalid information of contents and media, and collation processing thereof can be performed as differing operations at the device side of each, e.g., collation with a media identifier at the time of mounting media, and collation with a contents identifier at the time of reproducing contents, so multiple types of media and contents can be revoked with a single revocation list, so the referencing processing of the revocation list at the memory interface unit at the time of inserting media or reading out contents is effectively executed, and use of unauthorized media and reading out of unauthorized contents can be effectively forbidden.



Claims 

1. A data reproducing device for executing reproducing processing of contents stored in data storing means, said data reproducing device comprising:

internal memory for storing a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, said list having version information indicating the newness of the list; and

a controller for executing comparison processing between a valid revocation list version stored in header information of contents which are the object of reproducing, and the version of a revocation list stored in said internal memory, and performs processing accompanying the reproducing of said contents which are the object of reproducing, under the condition of confirmation that the version of the revocation list stored in said internal memory is not older than the version set in the header information of said contents which are the object of reproducing.

2. A data reproducing device according to Claim 1, wherein said controller has a configuration for executing, as processing accompanying said reproducing, comparison processing between an identifier of at least one of data storing means or contents stored in a revocation list stored in said internal memory and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing;

and is of a configuration of executing processing for canceling data reproduction in the event that an identifier of at least one of data storing means or contents stored in a revocation list and an identifier of contents which are the object of reproducing, or an identifier of data storing means storing the contents which are the object of reproducing, match in said comparison processing.

3. A data reproducing device according to Claim 1, wherein said controller has a memory interface for executing accessing to said data storing means, and a control unit for executing control of said memory interface;

and wherein said memory interface is of a configuration for executing comparison processing between a version of a valid revocation list stored in the header information of the contents which are the object of reproducing, and the version of a revocation list stored in said internal memory, based on a data reproduction request command from said control unit.

4. A data reproducing device according to Claim 1, wherein said controller has a configuration for executing comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in said internal memory, and executing updating processing of the revocation list by said updating revocation list under the condition of confirmation that the version of the revocation list stored in said internal memory is newer than said updating revocation list.

5. A data reproducing device according to Claim 4, wherein said controller has a configuration for executing a data tampering check with regard to an externally received updating revocation list, based on a data integrity check value (ICV), and for executing updating processing of the revocation list by said updating revocation list, based on a no data tampering judgment.

6. A data recording device for executing recording processing of contents to be stored in data storing means, said data recording device comprising:

internal memory for storing a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, said list having version information indicating the newness of the list; and

a controller for executing processing for setting a setting value specifying reproduction processing execution by non-reference to the revocation list, as a valid revocation list version to be stored in header information of contents which are the object of recording, and executing contents storing processing to said data storing means.

7. A data recording device according to Claim 6, wherein said controller has a memory interface for executing access to said data storing means, and a control unit for executing control of said memory interface;

wherein said memory interface is of a configuration for executing processing for setting the version of a valid revocation list to be stored in the header information of contents which are the object of recording, as a setting value capable of reproduction executing by non-reference to the revocation list, based on a header information generating command accompanying data recording from said control unit.

8. A data recording device according to Claim 6, wherein said controller has a configuration for executing comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in said internal memory, and executing updating processing of the revocation list by said updating revocation list under the condition of confirmation that the version of the revocation list stored in said internal memory is newer than said updating revocation list.

9. A data recording device according to Claim 8, 
wherein said controller has a configuration for exe- 
cuting a data tampering check with regard to an ex- 
ternally received updating revocation list, based on 
a data integrity check value (ICV), and for executing 
updating processing of the revocation list by said 
updating revocation list, based on a no data tam- 
pering judgment. 

10. A data reproducing method for a data reproducing 
device for executing reproducing processing of data 
stored in data storing means, said method compris- 
ing: 

a comparing step for executing comparison 
processing between a valid revocation list ver- 
sion stored in header information of contents 
which are the object of reproducing, and the 
version of a revocation list stored in internal 
memory of said data reproducing device; and 
a reproduction-related processing executing 
step for performing processing accompanying 
the reproducing of said contents which are the 
object of reproducing, under the condition of 
confirmation that the version of the revocation 
list stored in said internal memory is not older 
than the version set in the header information 
of said contents which are the object of repro- 
ducing. 

11. A data reproducing method according to Claim 10, 
wherein said reproduction-related processing exe- 
cuting step contains a step for executing compari- 
son processing between an identifier of at least one 
of data storing means or contents stored in a revo- 
cation list stored in said internal memory and an 
identifier of contents which are the object of repro- 
ducing, or an identifier of data storing means storing 
the contents which are the object of reproducing; 
and 

a step for executing processing for canceling 
data reproduction in the event that an identifier of 
at least one of data recording means or contents 
stored in said revocation list and an identifier of con- 
tents which are the object of reproducing, or an 
identifier of data storing means storing the contents 
which are the object of reproducing, match in said 
comparison processing. 



73 EP 1 235 380 A1 74 



12. A data reproducing method according to Claim 10, 
wherein said data reproducing device has a mem- 
ory interface for executing accessing to said data 
storing means, and a control unit for executing con- 
trol of said memory interface, 

said data reproducing method further com- 
prising: 

a step for transmitting a data reproduction re- 
quest command to said memory interface from 
said control unit; and 

a step for executing comparison processing be- 
tween a version of a valid revocation list stored 
in the header information of the contents which 
are the object of reproducing, and the version 
of a revocation list stored in said internal mem- 
ory, based on reception of said data reproduc- 
tion request command at said memory inter- 
face. 

13. A data recording method for executing recording 
processing of contents to be stored in data storing 
means, said method comprising: 

a step for executing processing for setting a setting value specifying reproduction processing execution by non-reference to the revocation list, as a valid revocation list version to be stored in header information of contents which are the object of recording;

and a step for executing contents storing processing to said data storing means.

14. A list updating method for a data processing device, storing in internal memory a revocation list which is a list storing an identifier of at least one of data storing means or contents which are the object of forbidding processing, said list having version information indicating the newness of the list;

wherein comparison processing between the version of an updating revocation list which is externally received, and the version of a revocation list which has already been stored in said internal memory, is executed, and updating processing of the revocation list by said updating revocation list is executed under the condition of confirmation that the version of the revocation list stored in said internal memory is newer than said updating revocation list.

15. A list updating method according to Claim 14, fur- 
ther comprising: 

a step for executing a data tampering check 
with regard to an externally received updating 
revocation list, based on a data integrity check 
value (ICV); 



wherein updating processing of the revoca- 
tion list by said updating revocation list is executed, 
based on a no data tampering judgment. 

16. A program providing medium for providing a computer program for causing execution on a computer system of data reproducing processing for a data reproducing device which executes reproducing processing of data stored in data storing means, said computer program comprising:

a comparing step for executing comparison processing between a valid revocation list version stored in header information of contents which are the object of reproducing, and the version of a revocation list stored in internal memory of said data reproducing device; and

a reproduction-related processing executing step for performing processing accompanying the reproducing of said contents which are the object of reproducing, under the condition of confirmation that the version of the revocation list stored in said internal memory is not older than the version set in the header information of said contents which are the object of reproducing.

17. A data reproducing device for executing reproducing processing of contents stored in data storing means;

wherein said data reproducing device is of a configuration for reading a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means, and holding the revocation list in a referable state in consecutively differing processing within the memory interface.

18. A data reproducing device according to Claim 17, further comprising a control unit for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing as to said memory interface, as processing at the time of activation;

wherein said memory interface is of a configuration for reading the revocation list into the memory interface in response to reception of said revocation list set command, and executing revocation list set processing to enable reference processing within said memory interface.

19. A data reproducing device according to Claim 17, wherein said memory interface is of a configuration for executing a data tampering check based on a data integrity check value (ICV) for the revocation list read into said memory interface, and executing revocation list set processing which enables reference processing within said memory interface, under the condition that a no data tampering judgment has been made.

20. A data reproducing device according to Claim 17, 
wherein said memory interface is of a configuration 
wherein a data storing means identifier is received 
from data storing means wherein data which is the 
object of reproducing is recorded, collation is exe- 
cuted between said received data storing means 
identifier and an identifier listed in the revocation list 
set in said memory interface, and in the event that 
the identifiers mutually match, the data reproducing 
processing is cancelled. 

21. A data reproducing device according to Claim 17, 
said memory interface having a configuration 
wherein an identifier of contents which are the ob- 
ject of reproducing is obtained from header informa- 
tion of the contents stored in the data storing 
means, collation is executed between the obtained 
contents identifier and an identifier listed in the rev- 
ocation list set in said memory interface, and in the 
event that the identifiers mutually match, the data 
reproducing processing is cancelled. 

22. A data reproducing device according to Claim 17, 
wherein said revocation list is of a configuration 
having identifier data for both the data storing 
means identifier which is the object of forbidding 
processing and contents which are the object of for- 
bidding processing. 

23. A data recording device for executing recording 
processing of contents to be stored in data storing 
means; 

wherein said data recording device is of a configuration for reading in a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means, and holding the revocation list in a referable state in consecutively differing processing within the memory interface.

24. A data recording device according to Claim 23, fur- 
ther comprising a control unit for executing trans- 
mitting processing of a revocation list set command, 
which is a set command for the revocation list hold- 
ing an identifier data of at least one of data storing 
means or contents which are the object of forbid- 
ding processing as to said memory interface, as 
processing at the time of activation; 

wherein said memory interface is of a configuration for reading the revocation list into the memory interface in response to reception of said revocation list set command, and executing revocation list set processing to enable reference processing within said memory interface.

25. A data recording device according to Claim 23, wherein said memory interface is of a configuration for executing a data tampering check based on a data integrity check value (ICV) for the revocation list read into said memory interface, and executing revocation list set processing which enables reference processing within said memory interface, under the condition that a no data tampering judgment has been made.

26. A data recording device according to Claim 23, wherein said memory interface is of a configuration wherein a data storing means identifier is received from data storing means wherein data which is the object of recording is recorded, collation is executed between said received data storing means identifier and an identifier listed in the revocation list set in said memory interface, and in the event that the identifiers mutually match, the data recording processing is cancelled.

27. A data recording device according to Claim 23, wherein said revocation list is of a configuration having identifier data for both the data storing means identifier which is the object of forbidding processing and contents which are the object of forbidding processing.

28. A data reproducing method for executing reproducing processing of contents stored in data storing means, said method comprising:

a step for reading a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means;

a step for holding the revocation list in a referable state in consecutively differing processing within the memory interface; and

a step for making reference to the revocation list set in said memory interface and judging whether data reproduction processing is permissible or impermissible.

29. A data reproducing method according to Claim 28, further comprising:

a step for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding an identifier data of at least one of a data recording device or contents which are the object of forbidding processing, as to said memory interface which performs access to data storing means, from a control unit, as processing at the time of activation; and

a step at said memory interface for reading the revocation list into the memory interface in response to reception of said revocation list set command, and executing revocation list set processing to enable reference processing within said memory interface.

30. A data reproducing method according to Claim 28, wherein, further, a data tampering check is executed based on a data integrity check value (ICV) for the revocation list read into said memory interface, and wherein revocation list set processing which enables reference processing within said memory interface is executed under the condition that a no data tampering judgment has been made.

31. A data reproducing method according to Claim 28, further comprising, at said memory interface, a step for receiving a data storing means identifier from data storing means wherein data which is the object of reproducing is recorded, collation is executed between said received data storing means identifier and an identifier listed in the revocation list set in said memory interface, and in the event that the identifiers mutually match, canceling the data reproducing processing.

32. A data reproducing method according to Claim 28, further comprising, at said memory interface, a step for obtaining an identifier of contents which are the object of reproducing from header information of the contents stored in the data storing means, executing collation between the obtained contents identifier and an identifier listed in the revocation list set in said memory interface, and in the event that the identifiers mutually match, canceling the data reproducing processing.

33. A data recording method for executing recording 
processing of contents to be recorded in data stor- 
ing means, said method comprising: 

a step for reading in a revocation list holding 
identifier data of at least one of data storing 
means or contents which are the object of for- 
bidding processing into a memory interface 
which performs access to data storing means; 
a step for holding the revocation list in a refer- 
able state in consecutively differing processing 
within the memory interface; and 
a step for making reference to the revocation 
list set in said memory interface and judging 
whether data recording processing is permissi- 
ble or impermissible. 
34. A data recording method according to Claim 33, further comprising:

a step for executing transmitting processing of a revocation list set command, which is a set command for the revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing, as to said memory interface, which performs access to data storing means, from a control unit, as processing at the time of activation;

a step at said memory interface for reading the revocation list into the memory interface in response to reception of said revocation list set command, and executing revocation list set processing to enable reference processing within said memory interface; and

a step for making reference to the revocation list set in said memory interface and judging whether data recording processing is permissible or impermissible.

35. A data recording method according to Claim 33, wherein, further, a data tampering check is executed based on a data integrity check value (ICV) for the revocation list read into said memory interface, and revocation list set processing which enables reference processing within said memory interface is executed under the condition that a no data tampering judgment has been made.

36. A data recording method according to Claim 33, further comprising, at said memory interface, a step for receiving a data storing means identifier from data storing means wherein data which is the object of reproducing is recorded, collation is executed between said received data storing means identifier and an identifier listed in the revocation list set in said memory interface, and in the event that the identifiers mutually match, canceling the data recording processing.

37. A program providing medium for providing a computer program for causing execution on a computer system for reproduction processing of contents stored in data storing means, said computer program comprising:

a step for reading a revocation list holding identifier data of at least one of data storing means or contents which are the object of forbidding processing into a memory interface which performs access to data storing means;

a step for holding the revocation list in a referable state in consecutively differing processing within the memory interface; and

a step for making reference to the revocation list set in said memory interface and judging whether data reproduction processing is permissible or impermissible.

38. A program providing medium for providing a com- 
puter program for causing execution on a computer 
system for recording processing for contents to be 
recorded in data storing means, said computer pro- 
gram comprising: 

a step for reading in a revocation list holding 
identifier data of at least one of data storing 
means or contents which are the object of for- 
bidding processing into a memory interface 
which performs access to data storing means; 
a step for holding the revocation list in a refer- 
able state in consecutively differing processing 
within the memory interface; and 
a step for making reference to the revocation 
list set in said memory interface and judging 
whether data recording processing is permissi- 
ble or impermissible. 

39. A data reproducing device for executing reproducing
processing of contents stored in data storing
means, said data reproducing device having:

a memory interface for executing accessing to 
said data storing means, and a control unit for 
executing control of said memory interface; 
said memory interface having internal memory 
storing a revocation list holding identifier data 
for each of data storing device and contents 
which are the object of forbidding processing; 

wherein said memory interface has a config- 
uration wherein a data storing means identifier is 
received from data storing means wherein data 
which is the object of reproducing is recorded, col- 
lation is executed between said received data stor- 
ing means identifier and an identifier listed in said 
revocation list, and in the event that the identifiers 
mutually match, the data reproducing processing is 
cancelled; 

and wherein an identifier of contents which 
are the object of reproducing is obtained from head- 
er information of the contents stored in the data stor- 
ing means, collation is executed between the ob- 
tained contents identifier and an identifier listed in 
said revocation list, and in the event that the iden- 
tifiers mutually match, the data reproducing 
processing is cancelled. 

40. A data reproducing device according to Claim 39,
having a configuration wherein said memory interface
receives an identifier of data storing means
which are media, based on a media recognition
command from said control unit, and executes collation
processing between said received data storing
means identifier and an identifier listed in said
revocation list.

41. A data reproducing device according to Claim 39,
having a configuration wherein said memory interface
performs mutual authentication processing
with data storing means which are media, based on
a media recognition command from said control
unit, receives a data storing means identifier in said
mutual authentication processing, and executes
collation processing between said received data
storing means identifier and an identifier listed in
said revocation list.

42. A data reproducing device according to Claim 39, 
having a configuration wherein said memory inter- 
face obtains a contents identifier stored in header 
information of contents to be reproduced, based on 
a data reproduction request command from said
control unit, and executes collation processing be- 
tween said obtained contents identifier and an iden- 
tifier listed in said revocation list. 

43. A data reproducing device according to Claim 39,
wherein said memory interface has a configuration
for executing a data tampering check based on a
data integrity check value (ICV) with regard to an
updating revocation list which is externally received,
whereby a no data tampering judgment is
made;

and wherein comparison processing between
the version of an updating revocation list which is
externally received, and the version of a revocation
list which has already been stored in said internal
memory, is executed, and updating processing of
the revocation list by said updating revocation list is
executed under the condition of confirmation that
the version of the revocation list stored in said internal
memory is newer than said updating revocation
list.

44. A data recording device for executing recording
processing of contents stored in data storing
means, said data recording device having:

a memory interface for executing accessing to
said data storing means, and a control unit for
executing control of said memory interface;
said memory interface having internal memory
storing a revocation list holding identifier data
for each of data storing device and contents
which are the object of forbidding processing;

wherein said memory interface has a configuration
wherein a data storing means identifier
which is the object of recording data is received,
collation is executed between said received data storing
means identifier and a list identifier in said revocation
list, and in the event that the identifiers mutually
match, the data recording processing is cancelled.

45. A data recording device according to Claim 44, hav- 
ing a configuration wherein said memory interface 
receives an identifier of data storing means which 
are media, based on a media recognition command 
from said control unit, and executes collation
processing between said received data storing 
means identifier and an identifier listed in said rev- 
ocation list. 

46. A data recording device according to Claim 44, having
a configuration wherein said memory interface
performs mutual authentication processing with data
storing means which are media, based on a media
recognition command from said control unit, receives
a data storing means identifier in said mutual
authentication processing, and executes collation
processing between said received data storing
means identifier and an identifier listed in said revocation
list.

47. A data reproducing method for executing reproduc- 
ing processing of contents stored in data storing 
means; 

wherein, at a memory interface for executing 
accessing to said data storing means, a data storing 
means identifier is received from data storing 
means wherein data which is the object of repro- 
ducing is recorded, collation is executed between 
said received data storing means identifier and an 
identifier listed in said revocation list, and in the 
event that the identifiers mutually match, the data 
reproducing processing is cancelled; 

and wherein an identifier of contents which
are the object of reproducing is obtained from header
information of the contents stored in the data storing
means, collation is executed between the obtained
contents identifier and an identifier listed in
said revocation list, and in the event that the identifiers
mutually match, the data reproducing
processing is cancelled.

48. A data reproducing method according to Claim 47, 
having a configuration wherein said memory interface
receives an identifier of data storing means
which are media, based on a media recognition 
command from a control unit, and executes colla- 
tion processing between said received data storing 
means identifier and an identifier listed in said rev- 
ocation list. 

49. A data reproducing method according to Claim 47,
having a configuration wherein said memory interface
performs mutual authentication processing
with data storing means which are media, based on
a media recognition command from a control unit,
receives a data storing means identifier in said mutual
authentication processing, and executes collation
processing between said received data storing
means identifier and an identifier listed in said revocation
list.

50. A data reproducing method according to Claim 47,
having a configuration wherein said memory interface
obtains a contents identifier stored in header
information of contents to be reproduced, based on
a data reproduction request command from a control
unit, and executes collation processing between
said obtained contents identifier and an identifier
listed in said revocation list.

51. A data recording method for executing recording
processing of contents stored in data storing
means;

wherein, at a memory interface for executing
accessing to said data storing means, an identifier
of said data storing means which is the object of
recording data is received, collation is executed between
said received data storing means identifier
and a list identifier in said revocation list, and in the
event that the identifiers mutually match, processing
for canceling data recording is executed.

52. A data recording method according to Claim 51,
having a configuration wherein said memory interface
receives an identifier of data storing means
which are media, based on a media recognition
command from a control unit, and executes collation
processing between said received data storing
means identifier and an identifier listed in said revocation
list.

53. A data recording method according to Claim 51,
wherein said memory interface performs mutual authentication
processing with data storing means
which are media, based on a media recognition
command from said control unit, receives a data
storing means identifier in said mutual authentication
processing, and executes collation processing
between said received data storing means identifier
and an identifier listed in said revocation list.

54. A program providing medium for providing a computer
program for causing execution on a computer
system for reproducing processing of contents
stored in data storing means, said computer program
comprising:

a step for, at a memory interface for executing
accessing to said data storing means, receiving
a data storing means identifier from data storing
means wherein data which is the object of reproducing
is recorded, executing collation between
said received data storing means identifier
and an identifier listed in the revocation list,
and in the event that the identifiers mutually
match, canceling the data reproducing
processing; and

a step for obtaining an identifier of contents
which are the object of reproducing from header
information of the contents stored in the data
storing means, executing collation between the
obtained contents identifier and an identifier
listed in said revocation list, and in the event
that the identifiers mutually match, canceling
the data reproducing processing.

55. A program providing medium for providing a computer
program for causing execution on a computer
system for recording processing of contents to be
stored in data storing means, said computer program
comprising:

a step for, at a memory interface for executing
accessing to said data storing means, receiving
an identifier of said data storing means which
is the object of recording data, executing collation
between said received data storing means
identifier and a list identifier in said revocation
list, and in the event that the identifiers mutually
match, canceling the data recording.
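
The tamper check of Claim 35 and the media and contents collation of Claims 39 to 42, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the ICV computation, identifiers are 8 bytes, the list layout and the position of the contents identifier in the header are invented for illustration, access is refused while no list is set, and all names are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_KEY = b"constructed-demo-icv-key"  # constructed key, for illustration only
ID_LEN = 8                             # assumed identifier length in bytes

def pack_list(version, media_ids, content_ids):
    """Assumed layout: version, two counts, media IDs, then content IDs."""
    head = struct.pack(">IHH", version, len(media_ids), len(content_ids))
    return head + b"".join(media_ids) + b"".join(content_ids)

def icv(body, key=ICV_KEY):
    """HMAC-SHA256 stands in for the integrity check value (assumption)."""
    return hmac.new(key, body, hashlib.sha256).digest()

class MemoryInterface:
    """Holds the revocation list so consecutive operations can refer to it."""
    def __init__(self):
        self.version, self.media, self.contents = None, frozenset(), frozenset()

    def set_revocation_list(self, body, tag):
        # The list becomes referable only after a no-tampering judgment.
        if not hmac.compare_digest(icv(body), tag) or len(body) < 8:
            return False
        version, n_media, n_cont = struct.unpack(">IHH", body[:8])
        if len(body) != 8 + ID_LEN * (n_media + n_cont):
            return False
        ids = [body[i:i + ID_LEN] for i in range(8, len(body), ID_LEN)]
        self.version = version
        self.media = frozenset(ids[:n_media])
        self.contents = frozenset(ids[n_media:])
        return True

    def mount_media(self, media_id):
        # Collate the media identifier; refuse when no list is set (assumption).
        return self.version is not None and media_id not in self.media

    def reproduce(self, media_id, header):
        # Collate the media identifier, then the contents identifier taken
        # from the header (assumed to be its first ID_LEN bytes).
        if not self.mount_media(media_id) or len(header) < ID_LEN:
            return False
        return header[:ID_LEN] not in self.contents

if __name__ == "__main__":
    body = pack_list(3, [b"MEDIA-01"], [b"CONT-001"])  # constructed sample
    mi = MemoryInterface()
    print(mi.set_revocation_list(body[:-1] + b"X", icv(body)))  # tampered
    print(mi.set_revocation_list(body, icv(body)))
    print(mi.reproduce(b"MEDIA-02", b"CONT-001" + b"\x00" * 8))
```
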